General

  • Target

    5c73ce8acd26a01655041010b2d4ff6a

  • Size

    848KB

  • Sample

    240115-hy369sbebl

  • MD5

    5c73ce8acd26a01655041010b2d4ff6a

  • SHA1

    d8781699300176bbbbd36489a1c82725c33edcb1

  • SHA256

    03691ec0a206c672022cbf25d02a4b0ab1f67bd6acf5782de498977d88e41474

  • SHA512

    9d73f66eb48fa1265751d612ac745f97780d97361b4ab864b8e9f37cbe3eb801fd85857191e0d0bfc10ec0add00e892a5b7a8c1b27ea5d378e277b713fbe384b

  • SSDEEP

    12288:3kbQEkWqv+157EYfxarhwLNuR7ek1tHffB/HzTyNQ6NIeGYr/R:3kbHkWfzZ5adwLNGeStHntqN7v

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks