General

  • Target

    73e4b574f7a058d63f9b35f74580a338

  • Size

    2.0MB

  • Sample

    240125-gh63jsaaer

  • MD5

    73e4b574f7a058d63f9b35f74580a338

  • SHA1

    4abd585b62be4d0a8efbd763891772521390c3f6

  • SHA256

    d8ae9023a64efcbaf60e37647a920cf6757fa96a6e1e7357d67a3ac970c86eca

  • SHA512

    4e9aa099ae2b51d59db1818768b34662b8b812fdd37a26aa72bb7994b3219b34d1f0e14902154ae5c51eade8bdcf5bb0da7aa48fe23f7ca6de3c36974b4f5d97

  • SSDEEP

    12288:lVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1L:8fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Target

      73e4b574f7a058d63f9b35f74580a338

    • Dridex

      Dridex (also known as Bugat or Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
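
The behavioural signatures listed above (dropped EXE executed, dropped DLL loaded, Run key written, UAC state checked) and the Explorer injection that the shellcode rule points at are what a detection engineer would want to reproduce over endpoint telemetry. The following is an added example, not the sandbox's own signature engine and not code taken from the sample: a small Python pass over constructed Sysmon-style events. Event IDs 1, 7, 8, 11 and 13 and their field names are Sysmon's; the RegQuery record standing in for the UAC check is an assumption, because Sysmon records registry writes, not reads, and the real "Dridex Shellcode" rule is a memory signature, for which a remote thread created in explorer.exe is only a behavioural proxy. All file names, paths, PIDs and log lines are constructed.

```python
"""Toy behavioural detection pass over constructed Sysmon-style telemetry.

Added example, not the sandbox's signature engine and not code from the sample.
Event IDs follow Sysmon (1 ProcessCreate, 7 ImageLoad, 8 CreateRemoteThread,
11 FileCreate, 13 RegistryValueSet). The 'RegQuery' record used for the UAC
check is an assumption: Sysmon logs registry writes, not reads.
"""
import re
from collections import defaultdict

# Constructed log lines (not real sandbox output): one event per line,
# space-separated key=value pairs; values contain no spaces by construction.
SAMPLE_LOG = """\
EventID=1 Pid=4012 Image=C:\\Users\\user\\Desktop\\73e4b574f7a058d63f9b35f74580a338.exe ParentImage=C:\\Windows\\explorer.exe
EventID=11 Pid=4012 TargetFilename=C:\\Users\\user\\AppData\\Local\\Temp\\winupd.exe
EventID=11 Pid=4012 TargetFilename=C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
EventID=13 Pid=4012 TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\winupd Details=C:\\Users\\user\\AppData\\Local\\Temp\\winupd.exe
EventID=1 Pid=5120 Image=C:\\Users\\user\\AppData\\Local\\Temp\\winupd.exe ParentImage=C:\\Users\\user\\Desktop\\73e4b574f7a058d63f9b35f74580a338.exe
EventID=7 Pid=5120 ImageLoaded=C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll
EventID=RegQuery Pid=5120 TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA
EventID=8 Pid=5120 SourceImage=C:\\Users\\user\\AppData\\Local\\Temp\\winupd.exe TargetImage=C:\\Windows\\explorer.exe
EventID=7 Pid=5120 ImageLoaded=C:\\Windows\\System32\\kernel32.dll
"""

# Run and RunOnce keys under any hive; EnableLUA is the UAC master switch.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UAC_KEY = re.compile(r"\\Policies\\System\\EnableLUA$", re.IGNORECASE)


def parse_line(line):
    """Turn 'k1=v1 k2=v2' into a dict; split on the first '=' only."""
    return dict(kv.split("=", 1) for kv in line.split())


def detect(log_text):
    """Return {signature name: [evidence, ...]} for the events in log_text."""
    dropped = set()            # files the sample wrote during the run
    hits = defaultdict(list)   # signature -> evidence strings
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        eid = ev.get("EventID")
        if eid == "11":
            # Remember every file created; later events are checked against it.
            dropped.add(ev["TargetFilename"].lower())
        elif eid == "1" and ev["Image"].lower() in dropped:
            hits["Executes dropped EXE"].append(ev["Image"])
        elif eid == "7" and ev["ImageLoaded"].lower() in dropped \
                and ev["ImageLoaded"].lower().endswith(".dll"):
            hits["Loads dropped DLL"].append(ev["ImageLoaded"])
        elif eid == "13" and RUN_KEY.search(ev["TargetObject"]):
            target = ev.get("Details", "")
            note = " (points at a dropped file)" if target.lower() in dropped else ""
            hits["Adds Run key to start application"].append(
                f"{ev['TargetObject']} = {target}{note}")
        elif eid == "RegQuery" and UAC_KEY.search(ev["TargetObject"]):
            hits["Checks whether UAC is enabled"].append(ev["TargetObject"])
        elif eid == "8" and ev["TargetImage"].lower().endswith("\\explorer.exe"):
            # Behavioural proxy for the shellcode rule: a foreign thread in Explorer.
            hits["Remote thread created in Explorer process"].append(
                f"{ev['SourceImage']} -> {ev['TargetImage']}")
    return dict(hits)


if __name__ == "__main__":
    for signature, evidence in detect(SAMPLE_LOG).items():
        print(signature)
        for item in evidence:
            print("   ", item)
```

The dropped-file set is what turns a generic "process created" or "image loaded" event into the sandbox's "dropped" signatures: the same events for a file that was already on disk before the run would not fire. The Run-key rule additionally reports whether the value data points at one of those dropped files, which is the combination a hunter would prioritise over a benign installer registering itself.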

MITRE ATT&CK Enterprise v15

Tasks