General
-
Target
fd7fddc39d5bc3bc942c4575c57bb305068eed4e8bbe1285733e23ec9b18fb58
-
Size
672KB
-
Sample
241102-dgtt2swqax
-
MD5
089bbe4454e8a5806c2c27247bd47c3a
-
SHA1
837ada8cd4d906788c34507cc413a78389e91c02
-
SHA256
fd7fddc39d5bc3bc942c4575c57bb305068eed4e8bbe1285733e23ec9b18fb58
-
SHA512
a789910c2cd0698cd0f383ca4bfa2f54b8c11c640aa74d632ccaf9596c8353c319f0b05612b7b590fc860eaf131a7d783f1ed735f82975e7d77a3332154a937d
-
SSDEEP
6144:534xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:5IKp/UWCZdCDh2IZDwAFRpR6Au
Malware Config
Targets
-
-
Target
fd7fddc39d5bc3bc942c4575c57bb305068eed4e8bbe1285733e23ec9b18fb58
-
Size
672KB
-
MD5
089bbe4454e8a5806c2c27247bd47c3a
-
SHA1
837ada8cd4d906788c34507cc413a78389e91c02
-
SHA256
fd7fddc39d5bc3bc942c4575c57bb305068eed4e8bbe1285733e23ec9b18fb58
-
SHA512
a789910c2cd0698cd0f383ca4bfa2f54b8c11c640aa74d632ccaf9596c8353c319f0b05612b7b590fc860eaf131a7d783f1ed735f82975e7d77a3332154a937d
-
SSDEEP
6144:534xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:5IKp/UWCZdCDh2IZDwAFRpR6Au
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex family
-
Dridex Shellcode
Detects Dridex Payload shellcode injected in Explorer process.
-
Dridex payload
Detects Dridex x64 core DLL in memory.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Accessibility Features
1