General

  • Target

    587d3473e7e68f7a825dd6df305297a7

  • Size

    1.7MB

  • Sample

    240113-knmsmsfcbn

  • MD5

    587d3473e7e68f7a825dd6df305297a7

  • SHA1

    705a4a7781935f8f0dc8badf815cb5ce8f992dc4

  • SHA256

    4be53090f377d914d1fe430c040ccf2dcc7307dd5cd1191bdbbdef6a1f507ef6

  • SHA512

    fd9c344d9811b1114d5a0b00c44a8c8777ba98fec32ffd3fb53ca4da14a3b1fed58f7d8adda3f761c0230b385bb1a166599b016a3d483f9d8a29acf151231e57

  • SSDEEP

    12288:6VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1k:nfP7fWsK5z9A+WGAW+V5SB6Ct4bnbk

Malware Config

Targets

    • Target

      587d3473e7e68f7a825dd6df305297a7

    • Size

      1.7MB

    • MD5

      587d3473e7e68f7a825dd6df305297a7

    • SHA1

      705a4a7781935f8f0dc8badf815cb5ce8f992dc4

    • SHA256

      4be53090f377d914d1fe430c040ccf2dcc7307dd5cd1191bdbbdef6a1f507ef6

    • SHA512

      fd9c344d9811b1114d5a0b00c44a8c8777ba98fec32ffd3fb53ca4da14a3b1fed58f7d8adda3f761c0230b385bb1a166599b016a3d483f9d8a29acf151231e57

    • SSDEEP

      12288:6VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1k:nfP7fWsK5z9A+WGAW+V5SB6Ct4bnbk

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks