General

  • Target

    4057f3f059042cd74d9b6673a0cac7a1

  • Size

    1.7MB

  • Sample

    240104-j28ftsbgem

  • MD5

    4057f3f059042cd74d9b6673a0cac7a1

  • SHA1

    c4b2085e09b08ef9fe8ae73c0e239637310a0a94

  • SHA256

    c0e503e239b73c3bf265e8ad473661c7f9fe7c69f9f31e7a0c3e7f72587e726e

  • SHA512

    afc70eca81c55c4b915c10ac4ed1bdad7d8086748bcf83ebb698a8768149b59eca04ccfae0bae9ca549d7b60183faa719928e3aff476f505b3e75865dedeafc1

  • SSDEEP

    12288:wVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1kt:1fP7fWsK5z9A+WGAW+V5SB6Ct4bnbkt

Malware Config

Targets

    • Target

      4057f3f059042cd74d9b6673a0cac7a1

    • Size

      1.7MB

    • MD5

      4057f3f059042cd74d9b6673a0cac7a1

    • SHA1

      c4b2085e09b08ef9fe8ae73c0e239637310a0a94

    • SHA256

      c0e503e239b73c3bf265e8ad473661c7f9fe7c69f9f31e7a0c3e7f72587e726e

    • SHA512

      afc70eca81c55c4b915c10ac4ed1bdad7d8086748bcf83ebb698a8768149b59eca04ccfae0bae9ca549d7b60183faa719928e3aff476f505b3e75865dedeafc1

    • SSDEEP

      12288:wVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1kt:1fP7fWsK5z9A+WGAW+V5SB6Ct4bnbkt

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks