General

  • Target

    1f757ecf4a083364ad33710c0020ba16.exe

  • Size

    2.1MB

  • Sample

    240104-yvlqtaabcr

  • MD5

    1f757ecf4a083364ad33710c0020ba16

  • SHA1

    56ccd119e1e9cb929a36f21bb61d81688fb02366

  • SHA256

    d94814b7b97e9e0955a9c3e04b7eb9de7246902dd6a3f203806a9715b4e6436e

  • SHA512

    80d31d0bd718e014d98e543b7c1ee07ebe496f48292d2c6b236c71944ec65b35f063be1366f63a6f36cce9650b0db7757affe30b298795955d11698ab2a498e1

  • SSDEEP

    12288:FVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1kvz:cfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks