General

  • Target

    4b9e28d775612f9c757d7f7daef0c07823e6764a5f6716a0b9d5e8ae21850d8f

  • Size

    968KB

  • Sample

    241016-jhkweszcqc

  • MD5

    5453dd8223f092553390e303d02d3160

  • SHA1

    db579b41e2b925e52a32d67c44d5efadcdb52c91

  • SHA256

    4b9e28d775612f9c757d7f7daef0c07823e6764a5f6716a0b9d5e8ae21850d8f

  • SHA512

    9b3f0cca2e9b8d1af6b86a232606a57a44480f08ecb5854539f517a56d229a7b3a227cf7415caee70f040ee79cdea6cce0139ec99776664785966467199ca82d

  • SSDEEP

    12288:NqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4BaedthD:NqGBHTxvt+g2gYedth

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks