General

  • Target

    6dfd7436bd4deb041e0a6690557c4397

  • Size

    1.5MB

  • Sample

    240121-zmhjvsaed9

  • MD5

    6dfd7436bd4deb041e0a6690557c4397

  • SHA1

    8689cb744b5e5d497a20d4f95a479cf3d1b07ef7

  • SHA256

    670c71a7ce5a1d03db1879db686c7f2ba96a4e6488cc14aa093b3831ea02405d

  • SHA512

    a86ae46acc04e5f976c9410544c1977949ba48fc26bd05d0324ae59db0cfe178873e18029290f81950ac2b58fb4a2a43b699e15123b46dfd282b011f159fc085

  • SSDEEP

    12288:qVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:3fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15