General

  • Target

    818f6364c18d61853f5e7875c46b41b7

  • Size

    2.2MB

  • Sample

    240130-fxwdxsaear

  • MD5

    818f6364c18d61853f5e7875c46b41b7

  • SHA1

    0996afc6bdf46c9714f85894e9501c31573d80d0

  • SHA256

    354581ef623c4841ef267fae935ea55b0aa622c1de1aec7c31d3fbfe05005e00

  • SHA512

    4d4c4029cc74ea98745a605b7e1bd0cf5cc5aa05c77bb9ec6ff71a01797a5347cc7be07ab2c414e4c23128655f4eb4f30e80d76520e189e359487e30380a5866

  • SSDEEP

    12288:DVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:SfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
