General

  • Target

    ee92609ef4b2d72fbd598a3ae26ab5e94ecee615e0666e9040d5f58d280ae17d

  • Size

    720KB

  • Sample

    241016-vz22tawarm

  • MD5

    5774c50c00067b08c38d3585dec17637

  • SHA1

    e001beca0128d6c8ddd1c7ebc38e73c6244d2eb9

  • SHA256

    ee92609ef4b2d72fbd598a3ae26ab5e94ecee615e0666e9040d5f58d280ae17d

  • SHA512

    2a06a15cd17f32185e1b60095512a2420d0a5537e701fa7603dcb702c7cd3c5a7d8a43f553c3b6ca43f82f1af15ae09a53fa4795c1768e58508c7f485cbe4d7a

  • SSDEEP

    12288:1qJ4FzHTx8cOjEIonNgQLtXKFg2t/KRi4Baed:1qGBHTxvt+g2gYed

Malware Config

Targets

    • Target

      ee92609ef4b2d72fbd598a3ae26ab5e94ecee615e0666e9040d5f58d280ae17d


    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
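
The four behaviour signatures above (dropped EXE executed, dropped DLL loaded, Run key written, UAC state queried) can be reproduced from a process-monitor trace. The script below is an added example, not part of this report and not the sandbox's own signature logic: it replays a Procmon-style CSV export (the seven-column layout Procmon produces by default) and raises each signature from the events. The log lines, file paths, PIDs and registry value name are constructed for illustration and do not come from the analysed sample.

```python
"""Replay a Procmon-style CSV trace and flag the behaviours a sandbox reports.

Constructed example: the events below were written by hand to exercise the
detector; they are not observations from the sample in the report.
"""
import csv
import io
import re
from collections import defaultdict

# Raw string so the Windows backslashes survive untouched.
SAMPLE_LOG = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:02:11.1","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:02:11.4","sample.exe","4120","WriteFile","C:\Users\victim\AppData\Roaming\Helper\helper.dll","SUCCESS","Offset: 0, Length: 737,280"
"10:02:11.6","sample.exe","4120","WriteFile","C:\Users\victim\AppData\Roaming\Helper\helper.exe","SUCCESS","Offset: 0, Length: 81,920"
"10:02:12.0","sample.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Helper","SUCCESS","Type: REG_SZ, Length: 96, Data: C:\Users\victim\AppData\Roaming\Helper\helper.exe"
"10:02:12.3","sample.exe","4120","Process Create","C:\Users\victim\AppData\Roaming\Helper\helper.exe","SUCCESS","PID: 5288, Command line: C:\Users\victim\AppData\Roaming\Helper\helper.exe"
"10:02:12.5","helper.exe","5288","Load Image","C:\Users\victim\AppData\Roaming\Helper\helper.dll","SUCCESS","Image Base: 0x7ff8a0000000, Image Size: 0xb4000"
"10:02:12.6","helper.exe","5288","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS","Image Base: 0x7ff8c0000000, Image Size: 0xc0000"
"""

# Persistence: any value under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# UAC state lives in the EnableLUA DWORD under Policies\System.
UAC_RE = re.compile(r"\\Policies\\System\\EnableLUA$", re.I)
DATA_RE = re.compile(r"Data:\s*(.+)$")

def analyse(log_text):
    """Return {signature name: [evidence, ...]} for the trace in log_text."""
    rows = csv.DictReader(io.StringIO(log_text.strip()))
    dropped = set()              # paths written during the trace, lower-cased
    findings = defaultdict(list)
    for r in rows:
        op, path = r["Operation"], r["Path"]
        key = path.lower()
        if op == "WriteFile":
            # Anything the trace writes to disk is a candidate "dropped" file.
            dropped.add(key)
        elif op == "RegSetValue" and RUN_KEY_RE.search(path):
            m = DATA_RE.search(r["Detail"])
            target = m.group(1).strip() if m else ""
            note = " (points at a dropped file)" if target.lower() in dropped else ""
            findings["Adds Run key to start application"].append(f"{path} -> {target}{note}")
        elif op == "RegQueryValue" and UAC_RE.search(path):
            findings["Checks whether UAC is enabled"].append(path)
        elif op == "Process Create" and key in dropped:
            findings["Executes dropped EXE"].append(path)
        elif op == "Load Image" and key in dropped and key.endswith(".dll"):
            findings["Loads dropped DLL"].append(path)
    return dict(findings)

if __name__ == "__main__":
    for name, evidence in analyse(SAMPLE_LOG).items():
        print(name)
        for e in evidence:
            print("   ", e)
```

The dropped-file set is keyed on lower-cased paths because NTFS path comparisons are case-insensitive; a trace that writes `Helper.EXE` and then launches `helper.exe` must still match. Only `WriteFile` is treated as a drop, so a file merely opened for read does not count as dropped.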

MITRE ATT&CK Enterprise v15

Tasks