General

  • Target

    87f7e4782faff19b704c3881d94a1ba35fefd2ffe10b55399af5a9ca43227447

  • Size

    692KB

  • Sample

    241016-r1tv2svcpc

  • MD5

    65411740b33c7475d67552a92d3c4054

  • SHA1

    d1191e086f3faa2f2168a28eac66d7360c94d5e9

  • SHA256

    87f7e4782faff19b704c3881d94a1ba35fefd2ffe10b55399af5a9ca43227447

  • SHA512

    3bdb279bba9946af41d4bccc9b2bed4c8f37fc03d0cc53d0845311645ba39d6a30ca0e8d6bbe7bc8a1d94c8cacaeb8f515686b226e59b8ec06f6d6242c85fb03

  • SSDEEP

    12288:cqJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:cqGBHTxvt+g2gYed

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks