General

  • Target

    6b2fb57199a0f55f49fc0b789c648d8f

  • Size

    660KB

  • Sample

    240120-xgy9baegap

  • MD5

    6b2fb57199a0f55f49fc0b789c648d8f

  • SHA1

    e2f1f1f40061ab510d2660fae69a78718eaf2afd

  • SHA256

    91e3ce41002c675b3c1fb73ecb4b2c055d2560a0c909753a9ad1f26f47d1d2b0

  • SHA512

    b4dbf4859b61a180b6d1473b065e7fc76153679e505f4cf9896a4757c34d088c4cb335421880aa702cb82ed29ae79b14f71045b56463d64f72741d99c39a84c4

  • SSDEEP

    6144:a34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:aIKp/UWCZdCDh2IZDwAFRpR6Au

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks