General

  • Target

    672feea11a362219307b071df8f2dfa3

  • Size

    2.2MB

  • Sample

    240119-knk9tabbb5

  • MD5

    672feea11a362219307b071df8f2dfa3

  • SHA1

    580f8a932ac435b2b29011b922f9e75316e15398

  • SHA256

    2ba43678d9bb9bc374a126ea5792659d1b09bcb9ecb21dcbc233889a27082eef

  • SHA512

    36bb2bf5572df4cd8e33042a08e3bc7b2c22cce687ecb61feb254f04c6c486a0228cb8d747d7833bbbb6300fa51b0aed24b19f6a23bf7ba34a5ae03a7519147c

  • SSDEEP

    12288:4VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1Yt:tfP7fWsK5z9A+WGAW+V5SB6Ct4bnbYt

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks