General

  • Target

    984e5b8fc0960683f385b49dd2d2a7a9

  • Size

    2.2MB

  • Sample

    240213-dhagsseg93

  • MD5

    984e5b8fc0960683f385b49dd2d2a7a9

  • SHA1

    293fa7adddc9153ef81571252157d5a9c0215a78

  • SHA256

    8aa96bed0b354a953c76bf05918f6f25e2e8ff7b6dece5bb78d84322859c8f0e

  • SHA512

    3474f260dbaa17d7c6ba045268f152cf8dcaed4c342fc52e4e9c4198fa3b9685254a3844017ed783b3ecd24cae960ec2b20fd5b0ddcce805d1e7633173f95d86

  • SSDEEP

    12288:lVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1Qd:8fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Target

      984e5b8fc0960683f385b49dd2d2a7a9

    • Size

      2.2MB

    • MD5

      984e5b8fc0960683f385b49dd2d2a7a9

    • SHA1

      293fa7adddc9153ef81571252157d5a9c0215a78

    • SHA256

      8aa96bed0b354a953c76bf05918f6f25e2e8ff7b6dece5bb78d84322859c8f0e

    • SHA512

      3474f260dbaa17d7c6ba045268f152cf8dcaed4c342fc52e4e9c4198fa3b9685254a3844017ed783b3ecd24cae960ec2b20fd5b0ddcce805d1e7633173f95d86

    • SSDEEP

      12288:lVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1Qd:8fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks