General

  • Target

    38ec817281b968a0e07a9a5123de5f8c

  • Size

    2.2MB

  • Sample

    231231-q99geshccn

  • MD5

    38ec817281b968a0e07a9a5123de5f8c

  • SHA1

    549dce6f609e86714667fc86c29c2937ad350fd2

  • SHA256

    9e1ac6a5594d7742eb158084b9e056709d59cdc0974efec1116261fb87fb6225

  • SHA512

    0e03f18262b6a0e75361afc064ff707678bb3977da1bf9565ecc032f621e8796a284d89d4bfdf9813080ef5369d418ba667510d4f6f1890d0202021345f45639

  • SSDEEP

    12288:4VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1LbqsU:tfP7fWsK5z9A+WGAW+V5SB6Ct4bnbi

Malware Config

Targets

    • Target

      38ec817281b968a0e07a9a5123de5f8c

    • Size

      2.2MB

    • MD5

      38ec817281b968a0e07a9a5123de5f8c

    • SHA1

      549dce6f609e86714667fc86c29c2937ad350fd2

    • SHA256

      9e1ac6a5594d7742eb158084b9e056709d59cdc0974efec1116261fb87fb6225

    • SHA512

      0e03f18262b6a0e75361afc064ff707678bb3977da1bf9565ecc032f621e8796a284d89d4bfdf9813080ef5369d418ba667510d4f6f1890d0202021345f45639

    • SSDEEP

      12288:4VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1LbqsU:tfP7fWsK5z9A+WGAW+V5SB6Ct4bnbi

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks