General

  • Target

    9b902e233aa6d816e1ebf8b83027db31

  • Size

    1.5MB

  • Sample

    240214-nntsqsab39

  • MD5

    9b902e233aa6d816e1ebf8b83027db31

  • SHA1

    1339f80d66e81dbe78a86ffea1a959336e3ea6fd

  • SHA256

    6c181e9a76b3b762b7500cd499c32230d9f3e43e0123f24979fa2bc60bf9976a

  • SHA512

    417daf2905f9fc6bdc68e7d60a002d743bb2d5c8d316f38e78f17e04b6139db7d58e72a76e96f5237136badd90289eb06cda8a935ddc1bf76f20e7355e987de3

  • SSDEEP

    12288:iVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1/:/fP7fWsK5z9A+WGAW+V5SB6Ct4bnb/

Malware Config

Targets

    • Target

      9b902e233aa6d816e1ebf8b83027db31

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
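
Two of the behaviours listed above, the Run-key persistence and the UAC check, can be verified on a captured host without re-running the sandbox. The script below is an added example, not part of this report or of any sandbox tooling: it parses a `.reg` export of the autorun keys and the UAC policy key, flags Run/RunOnce entries whose executable lives in a user-writable directory, and reports the EnableLUA state. The export text, the `SvcHost` entry and every path in it are constructed for illustration and are not taken from this sample.

```python
"""Triage helper: flag Run-key persistence and report UAC state from a .reg export.

Added example, not part of the sandbox report. SAMPLE_REG_EXPORT is constructed
for illustration; none of its entries come from the analysed sample.
"""
import re
from typing import Dict, List, Tuple

# Constructed export, in the layout `reg export <key> out.reg` produces (assumption).
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"SvcHost"="C:\\Users\\Admin\\AppData\\Local\\Temp\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000005
"""

RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
)
UAC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Directories a non-admin user can write to; an autorun pointing here is a red flag.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

_VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a .reg export into {key_path: {value_name: data}}.
    String data is unescaped, dword data becomes int, other types are kept raw."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name, data = _unescape(m.group("name")), m.group("data")
        if data.startswith('"') and data.endswith('"'):
            keys[current][name] = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            keys[current][name] = int(data[6:], 16)
        else:
            keys[current][name] = data
    return keys


def executable_path(command: str) -> str:
    """Extract the program path from an autorun command line (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def suspicious_run_entries(reg: Dict[str, Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, path) for Run/RunOnce entries launching from user-writable dirs."""
    hits: List[Tuple[str, str, str]] = []
    lookup = {k.lower(): (k, v) for k, v in reg.items()}  # registry paths are case-insensitive
    for run_key in RUN_KEYS:
        entry = lookup.get(run_key.lower())
        if entry is None:
            continue
        key, values = entry
        for name, data in values.items():
            if not isinstance(data, str):
                continue
            path = executable_path(data)
            if any(marker in path.lower() for marker in USER_WRITABLE):
                hits.append((key, name, path))
    return hits


def uac_state(reg: Dict[str, Dict[str, object]]) -> Dict[str, object]:
    """Report whether UAC is enabled (EnableLUA) and the admin consent prompt level."""
    lookup = {k.lower(): v for k, v in reg.items()}
    values = lookup.get(UAC_KEY.lower(), {})
    enable_lua = values.get("EnableLUA")
    return {
        "enabled": enable_lua is None or enable_lua != 0,  # absent value means the default, on
        "consent_prompt_admin": values.get("ConsentPromptBehaviorAdmin"),
    }


if __name__ == "__main__":
    reg = parse_reg_export(SAMPLE_REG_EXPORT)
    for key, name, path in suspicious_run_entries(reg):
        print(f"[!] persistence: {key}\\{name} -> {path}")
    print("UAC:", uac_state(reg))
```

A real `reg export` file is UTF-16LE with a byte-order mark, so decode it before handing the text to `parse_reg_export`. The check is path-based: a dropped executable placed under Program Files or the Windows directory would not be flagged by this heuristic, so compare the autorun targets against the dropped-file list from the sandbox as well.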

MITRE ATT&CK Enterprise v15

Tasks