General

  • Target

    7dfc5de3055bae2c2056b13cdd47a090

  • Size

    1.7MB

  • Sample

    240128-zshf2sbfen

  • MD5

    7dfc5de3055bae2c2056b13cdd47a090

  • SHA1

    51978d2febcabd2e969a15e71da3d4b572a2053d

  • SHA256

    d95cc0433afb03437c023c244ea84af4d4adb9e3f99de177b77f27dde047399e

  • SHA512

    d8810393576a5e82348cb00d700ad8a2731a2ef8029db264a2739dde9cd85f334a1508f53b604f4fe90d44ba88915bf48d94bd9a4466da4efd21ced49c64cde0

  • SSDEEP

    12288:vVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:GfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Target

      7dfc5de3055bae2c2056b13cdd47a090

    • Size

      1.7MB

    • MD5

      7dfc5de3055bae2c2056b13cdd47a090

    • SHA1

      51978d2febcabd2e969a15e71da3d4b572a2053d

    • SHA256

      d95cc0433afb03437c023c244ea84af4d4adb9e3f99de177b77f27dde047399e

    • SHA512

      d8810393576a5e82348cb00d700ad8a2731a2ef8029db264a2739dde9cd85f334a1508f53b604f4fe90d44ba88915bf48d94bd9a4466da4efd21ced49c64cde0

    • SSDEEP

      12288:vVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:GfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks