General

  • Target

    0e0d4494780c9010ece88f39f65bfbfcb13236e1652f7fe41e9c84a5b16583a5

  • Size

    640KB

  • Sample

    250119-ywtg2stlgz

  • MD5

    808f8aa2eb9c746712dd4793ba90da70

  • SHA1

    7175856d3d473772c5e3fbb2af0ee72f9424f59d

  • SHA256

    0e0d4494780c9010ece88f39f65bfbfcb13236e1652f7fe41e9c84a5b16583a5

  • SHA512

    44d6b3891a7c0fec9a2a20d036113d273754433af8a0bb2b630be5a051fd087f0d4a3c2afe2304f27299457e4a946e9dac3bdb213ae13d6b77378982601b2ddb

  • SSDEEP

    6144:Gg12AzW5HsiScvtNybiR8g0ISTFCRVe9/JE+++sKS1JGWWsca65eu9K2zqc4CWAZ:G82AK5HOEksJ1YW7DwzqyQ

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Loader 'dmod' strings

      Detects 'dmod' strings in Dridex loader.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks