General

  • Target

    640f49cd98c999ff077091a726bbeb8e

  • Size

    2.0MB

  • Sample

    240118-a94yyaacf5

  • MD5

    640f49cd98c999ff077091a726bbeb8e

  • SHA1

    4be588955385069f421c3e4f0f676e5c8c4d21d0

  • SHA256

    12af989f91dbb4bce1e1d5b7be0e0b03cc9b03d841d2f8f9069ae5043a8e698e

  • SHA512

    6600c0e9c181da74c1cdd95437029753b42a1ed803fe5ff33fd46e62d3b8e024e20de575447cdf574277a25b750b1cd2baf446018da3cb4ed0844835c973d381

  • SSDEEP

    12288:CVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1X:ffP7fWsK5z9A+WGAW+V5SB6Ct4bnb
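A practitioner who receives a file claimed to be this sample will want to confirm it against the digests above before spending analysis time on it. The following is an added example, not part of the report: it hashes a file (or a byte string) with the four algorithms listed, compares the result with the report's values, and, if the optional `ssdeep` Python binding is installed, scores the file's fuzzy hash against the report's SSDEEP so that a repacked or padded variant still shows up as "close". The report's hashes are copied from the page; the sample input in the test is constructed and is not the malware.

```python
"""Check a file against the digests listed in the report.

Added example, not part of the report. The hash values are copied from the
report; the ssdeep binding ("pip install ssdeep") is optional and assumed.
"""
import hashlib

# IOCs copied from the report above (General section).
REPORT_HASHES = {
    "md5": "640f49cd98c999ff077091a726bbeb8e",
    "sha1": "4be588955385069f421c3e4f0f676e5c8c4d21d0",
    "sha256": "12af989f91dbb4bce1e1d5b7be0e0b03cc9b03d841d2f8f9069ae5043a8e698e",
    "sha512": (
        "6600c0e9c181da74c1cdd95437029753b42a1ed803fe5ff33fd46e62d3b8e024"
        "e20de575447cdf574277a25b750b1cd2baf446018da3cb4ed0844835c973d381"
    ),
}
REPORT_SSDEEP = (
    "12288:CVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1X:"
    "ffP7fWsK5z9A+WGAW+V5SB6Ct4bnb"
)


def digests(data: bytes) -> dict:
    """Return the four digests of an in-memory blob, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Hash a file on disk in chunks so a multi-MB sample is not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(found: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison against the report; all four must agree for a confirmed match."""
    return {
        name: found.get(name, "").lower() == expected[name].lower()
        for name in expected
    }


def is_reported_sample(found: dict) -> bool:
    """True only when every listed digest matches (a single mismatch means a different file)."""
    return all(match_report(found).values())


def fuzzy_similarity(data: bytes, report_hash: str = REPORT_SSDEEP):
    """ssdeep score (0-100) against the report's fuzzy hash, or None if the binding is absent.

    A high score with mismatching cryptographic digests suggests a repacked or
    padded variant of the same payload rather than an unrelated file.
    """
    try:
        import ssdeep  # optional third-party binding (assumption)
    except ImportError:
        return None
    return ssdeep.compare(ssdeep.hash(data), report_hash)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        found = digest_file(path)
        print(path, "MATCH" if is_reported_sample(found) else "no match", match_report(found))
```

Run it as `python check_sample.py suspect.bin`; a file that matches on only some algorithms is not the reported sample, and the per-algorithm dictionary tells you which one disagrees.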

Malware Config

Targets

    • Target

      640f49cd98c999ff077091a726bbeb8e

    • Size

      2.0MB

    • MD5

      640f49cd98c999ff077091a726bbeb8e

    • SHA1

      4be588955385069f421c3e4f0f676e5c8c4d21d0

    • SHA256

      12af989f91dbb4bce1e1d5b7be0e0b03cc9b03d841d2f8f9069ae5043a8e698e

    • SHA512

      6600c0e9c181da74c1cdd95437029753b42a1ed803fe5ff33fd46e62d3b8e024e20de575447cdf574277a25b750b1cd2baf446018da3cb4ed0844835c973d381

    • SSDEEP

      12288:CVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1X:ffP7fWsK5z9A+WGAW+V5SB6Ct4bnb

    • Dridex

      Dridex (also known as Bugat or Cridex) is a banking trojan that specializes in stealing online-banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks