General

  • Target

    8f47d7f17ed8067737ffb9629714cc36

  • Size

    1.4MB

  • Sample

    240204-qvphpsdbgk

  • MD5

    8f47d7f17ed8067737ffb9629714cc36

  • SHA1

    33beec6ff3949316746bfb7f1c8516d652b0f1b4

  • SHA256

    2668cbf657cdea444368b7de1f2cdeeff1e31d311170dce5f4844be4ae50d2c8

  • SHA512

    60c63ac72c8cde9b09bd2c3da7a97c45040aec6345ede73284c98b2cbba1de9e3a465468d40222e274ea5dee3e9dc0c0452bdf63197d74806e4c57bda0561de3

  • SSDEEP

    12288:WVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1pt:LfP7fWsK5z9A+WGAW+V5SB6Ct4bnbpt

Malware Config

Targets

    • Target

      8f47d7f17ed8067737ffb9629714cc36

    • Size

      1.4MB

    • MD5

      8f47d7f17ed8067737ffb9629714cc36

    • SHA1

      33beec6ff3949316746bfb7f1c8516d652b0f1b4

    • SHA256

      2668cbf657cdea444368b7de1f2cdeeff1e31d311170dce5f4844be4ae50d2c8

    • SHA512

      60c63ac72c8cde9b09bd2c3da7a97c45040aec6345ede73284c98b2cbba1de9e3a465468d40222e274ea5dee3e9dc0c0452bdf63197d74806e4c57bda0561de3

    • SSDEEP

      12288:WVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1pt:LfP7fWsK5z9A+WGAW+V5SB6Ct4bnbpt

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks