General

  • Target: 42fb3ee5241879292ba25f13d72e481a
  • Size: 2.5MB
  • Sample: 240105-g631ssefgq
  • MD5: 42fb3ee5241879292ba25f13d72e481a
  • SHA1: df702903feb49ad04aae18ccf146502eb3ea1942
  • SHA256: fd5e34eee23d95710ee091014560dee606e8f934c8c2f1ad1151716bf1086a40
  • SHA512: 9c4c5bb780ff938bc89fdc8a1848939f1a64ae3f10ca3c5aa2acc4456ce16ea795f91b065942186d256df77be0133bf162e37f318a78464860d616bfd935bf95
  • SSDEEP: 12288:QVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1/t:VfP7fWsK5z9A+WGAW+V5SB6Ct4bnb/t

Targets

    • Dridex: Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
    • Dridex Shellcode: Detects Dridex payload shellcode injected into the Explorer process.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks whether UAC is enabled
