General

  • Target

    90d9438b34b8e0f5a7ff78f0a33057ff

  • Size

    668KB

  • Sample

    240205-dcbgxaagam

  • MD5

    90d9438b34b8e0f5a7ff78f0a33057ff

  • SHA1

    509b9592d18b2b62bb59b46f21bee1ff8b7098da

  • SHA256

    3cfc6b00299603753ebe179424e34883d0dde9e9e10397655386c423ca12527c

  • SHA512

    a650b594ffbd38cc515797a430014fbacf9e5912d34309638be644e662d23b23136cfd235e15075991528056ded17d3bd0b75d64f6c2a357e2250b4e9dc16c29

  • SSDEEP

    12288:5/5er07srUc7SfRidA+Fdf2cJwAmKcH21j03TFbA+y5+9g9enh/dQRTf0T:5hQ0IrUc7SIdA+PXJnmKcH214Nhy

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks