General
-
Target
0bc57ba35fdd2ba7868a82512650b287f7168d52d25c4fddb8b423b773eaa6b1
-
Size
1.1MB
-
Sample
241012-rtyknavfmd
-
MD5
bd5c5e5fd3ccc87376233a873effa08e
-
SHA1
76e9011550b052c0f12294f12fa77fa53e7b309e
-
SHA256
0bc57ba35fdd2ba7868a82512650b287f7168d52d25c4fddb8b423b773eaa6b1
-
SHA512
92c6e4b56d30701b09ebdc414a8547cb41a09fa16c390d58663b2b5e861e3dcb608adcdd6cda3fc01c10fb38ca1b4d4f72d062862e9617a14eaff670c28a3cf3
-
SSDEEP
12288:wkMZ+g4TyilMqFvPIV93i/S0hzmOBt5nihfSxI/mhjEvqJ0D/eAQsroXAkH64C:wkMZ+gf4ltGd8H1fYO0q2G1Ah
Malware Config
Targets
-
-
Target
0bc57ba35fdd2ba7868a82512650b287f7168d52d25c4fddb8b423b773eaa6b1
-
Size
1.1MB
-
MD5
bd5c5e5fd3ccc87376233a873effa08e
-
SHA1
76e9011550b052c0f12294f12fa77fa53e7b309e
-
SHA256
0bc57ba35fdd2ba7868a82512650b287f7168d52d25c4fddb8b423b773eaa6b1
-
SHA512
92c6e4b56d30701b09ebdc414a8547cb41a09fa16c390d58663b2b5e861e3dcb608adcdd6cda3fc01c10fb38ca1b4d4f72d062862e9617a14eaff670c28a3cf3
-
SSDEEP
12288:wkMZ+g4TyilMqFvPIV93i/S0hzmOBt5nihfSxI/mhjEvqJ0D/eAQsroXAkH64C:wkMZ+gf4ltGd8H1fYO0q2G1Ah
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode
Detects Dridex Payload shellcode injected in Explorer process.
-
Dridex payload
Detects Dridex x64 core DLL in memory.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Accessibility Features
1