General

  • Target

    40bbe10db80d2382bdf45137232a7d2c

  • Size

    688KB

  • Sample

    240104-nhz3kahbb5

  • MD5

    40bbe10db80d2382bdf45137232a7d2c

  • SHA1

    0d219b45cc526463fef14e10160615bce87cd147

  • SHA256

    63233f6b4a4a8950500a09b524dbdfe23c7b290239c73e78aaf198798a765294

  • SHA512

    42e6c5600318f32863fbfa2f90f72d0a71178ce478efdb6ff44596aad3a4c4150b81fed53ee54fc3f69e3dc8cc360003db287dd2d33addf2719945b9c8fabe5a

  • SSDEEP

    12288:rqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:rqGBHTxvt+g2gYed

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks