General

  • Target

    29b903e2ff6db0e1aa56dc3d6f2fa46c

  • Size

    1.6MB

  • Sample

    231231-fzqlfseca3

  • MD5

    29b903e2ff6db0e1aa56dc3d6f2fa46c

  • SHA1

    e91dba93b5fa20235d8d3d34521b9b0b7993eeef

  • SHA256

    e2ea6ece1e6886a76ee5b364587a5f740c4991d653b5b21f83c25c2bef294287

  • SHA512

    cd2455c62b3e33dbaf7e3a50034c921ddb28aac9ec67133e3017dc636ef84169c77e4626802a903ef128f6b3d4b602ecf95f12cc7ff59712a68c6929f87142a7

  • SSDEEP

    12288:tVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:0fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Target

      29b903e2ff6db0e1aa56dc3d6f2fa46c

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
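
The behavioural signatures listed above map onto a handful of host telemetry events. The script below is an added example, not part of this report or of the sandbox's own signature code: it replays a small, constructed Sysmon-style event trace (file paths, SID, key name and process names are all invented for illustration) and applies rules that mirror "Drops startup file", "Executes dropped EXE", "Loads dropped DLL", "Adds Run key to start application", and remote-thread injection into explorer.exe. The injection rule is deliberately generic (any remote thread into Explorer); it does not match the Dridex shellcode itself, which is what the sandbox's "Dridex Shellcode" signature inspects.

```python
"""Replay Sysmon-style events against rules mirroring the sandbox signatures above.

Added example, not part of the original report. The events below are constructed
for illustration; field names follow Sysmon's schema (EventID 1 ProcessCreate,
7 ImageLoad, 8 CreateRemoteThread, 11 FileCreate, 13 RegistryEvent SetValue).
"""
import ntpath
from collections import defaultdict

STARTUP_DIR = "\\start menu\\programs\\startup\\"
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

# Constructed trace: a downloaded dropper writes an EXE and a DLL, runs the EXE, which
# loads the DLL, persists via a Run key and the Startup folder, then injects into Explorer.
DROPPER = "C:\\Users\\victim\\Downloads\\invoice.exe"
DROPPED_EXE = "C:\\Users\\victim\\AppData\\Local\\Temp\\upd.exe"
DROPPED_DLL = "C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll"
EXPLORER = "C:\\Windows\\explorer.exe"

SAMPLE_EVENTS = [
    {"EventID": 11, "Image": DROPPER, "TargetFilename": DROPPED_EXE},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": DROPPED_DLL},
    {"EventID": 1, "Image": DROPPED_EXE, "ParentImage": DROPPER},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 13, "Image": DROPPED_EXE,
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": DROPPED_EXE},
    {"EventID": 11, "Image": DROPPED_EXE,
     "TargetFilename": "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\upd.lnk"},
    {"EventID": 8, "SourceImage": DROPPED_EXE, "TargetImage": EXPLORER},
    # Benign noise that must not fire: Explorer loading a system DLL and starting Notepad.
    {"EventID": 7, "Image": EXPLORER, "ImageLoaded": "C:\\Windows\\System32\\shell32.dll"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": EXPLORER},
]


def evaluate(events):
    """Return {signature_name: [evidence, ...]} for every rule that fired.

    Events are processed in order and every file written earlier in the trace is
    remembered, so 'Executes dropped EXE' and 'Loads dropped DLL' only fire for paths
    this trace itself created (a sandbox scopes those signatures to the sample the same way).
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written by any process seen so far
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            target = ev["TargetFilename"]
            dropped.add(target.lower())
            if STARTUP_DIR in target.lower():
                hits["Drops startup file"].append(target)
        elif eid == 1:
            if ev["Image"].lower() in dropped:
                hits["Executes dropped EXE"].append(ev["Image"])
        elif eid == 7:
            loaded = ev["ImageLoaded"]
            if loaded.lower() in dropped and loaded.lower().endswith(".dll"):
                hits["Loads dropped DLL"].append(f"{ev['Image']} -> {loaded}")
        elif eid == 13:
            key = ev["TargetObject"]
            if any(marker in key.lower() for marker in RUN_KEYS):
                hits["Adds Run key to start application"].append(f"{key} = {ev.get('Details', '')}")
        elif eid == 8:
            src, dst = ev["SourceImage"], ev["TargetImage"]
            if ntpath.basename(dst).lower() == "explorer.exe" and src.lower() != dst.lower():
                hits["Remote thread created in Explorer process"].append(f"{src} -> {dst}")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

One signature has no Sysmon equivalent: "Checks whether UAC is enabled" is a registry read (typically of the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System), and Sysmon records registry writes, not reads, so only API-level monitoring of the kind the sandbox performs will observe it. The rules here also trust Sysmon's ordering; on a real host, correlate by ProcessGuid rather than by path alone, since a dropped file can be renamed before it is executed.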

MITRE ATT&CK Enterprise v15

Tasks