General
-
Target
9d547a1ca3ef9b612354dc907c31c5acf7310f540dc48686f3157398d1e53bb7
-
Size
1.2MB
-
Sample
241018-h31xpswhrp
-
MD5
02cc0f2d0a0c7407558ac5a569c4e04c
-
SHA1
4b7060c03c224e42c420651368c73dbddcc3a3e3
-
SHA256
9d547a1ca3ef9b612354dc907c31c5acf7310f540dc48686f3157398d1e53bb7
-
SHA512
ac134e657c9ec47511245fdcbf717221a83eda2faea7e57560a59e212efa9312f4f13abc29b81be6210405680f507c5d921c4f6fe9ec933249c093e342eef554
-
SSDEEP
6144:k34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTI:kIKp/UWCZdCDh2IZDwAFRpR6Aup
Malware Config
Targets
-
-
Target
9d547a1ca3ef9b612354dc907c31c5acf7310f540dc48686f3157398d1e53bb7
-
Size
1.2MB
-
MD5
02cc0f2d0a0c7407558ac5a569c4e04c
-
SHA1
4b7060c03c224e42c420651368c73dbddcc3a3e3
-
SHA256
9d547a1ca3ef9b612354dc907c31c5acf7310f540dc48686f3157398d1e53bb7
-
SHA512
ac134e657c9ec47511245fdcbf717221a83eda2faea7e57560a59e212efa9312f4f13abc29b81be6210405680f507c5d921c4f6fe9ec933249c093e342eef554
-
SSDEEP
6144:k34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTI:kIKp/UWCZdCDh2IZDwAFRpR6Aup
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode
Detects Dridex Payload shellcode injected in Explorer process.
-
Dridex payload
Detects Dridex x64 core DLL in memory.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Accessibility Features
1