General

  • Target

    6b6301393edd106e77d45cc57b552b52

  • Size

    3.5MB

  • Sample

    240120-y6yvhsgafp

  • MD5

    6b6301393edd106e77d45cc57b552b52

  • SHA1

    a993d5a789eb5e9e94bb02b74b1211a0192384af

  • SHA256

    c4ad1b4e81e031ce20042ad7d4ef8f0d5febbcd3e3816a628dd03269fc5140bd

  • SHA512

    37e9f45c16dd6c2978bc455f67b1212b5698ada38999a06094aef672c15c35d3c2a2a65249b60d402ca13eedd9d2c662a354aa6c4ca1fe64b305fb59ddfecb7d

  • SSDEEP

    12288:aVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1u:HfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks