General

  • Target

    4284bc81e9158eb0601f5e1c8867db42

  • Size

    2.5MB

  • Sample

    240105-cr2f7shba8

  • MD5

    4284bc81e9158eb0601f5e1c8867db42

  • SHA1

    e48548a5286eba057c949ede146e4108c90fd585

  • SHA256

    abb8faf913b3e17267be4035f29d4b95f674cd1cd2ed669ebe408306ce6ce263

  • SHA512

    cf5e3e74f19dd0f72c6800685875f6e26bf8073e6a5a9539f582c0ca2ed4669e43cfa6db803652be69304bef174b8b69b9f95cf29b04f5d76a3b910e1472dae0

  • SSDEEP

    12288:JVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1nS:ofP7fWsK5z9A+WGAW+V5SB6Ct4bnbnS

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks