General

  • Target

    UxTheme.dll.exe

  • Size

    716KB

  • Sample

    250424-shx1esvsay

  • MD5

    ded81afe8b52534d73556659df1526fd

  • SHA1

    6e3e2d5a9824efbe95b191dd3a95ecc5ffe2c13f

  • SHA256

    90b52bcddab0daf79a483788dd0bc954a820ebc0882deb6fb11a69e36bf61614

  • SHA512

    089b5fb44ff1bc6a737852d74f4fd7973c7bcb8f5b734a549d4ba3bc4bb9b7ac65f9384d07d051d8c546e903310b9d3ccdda66d0b1e4b06390949354fab4108a

  • SSDEEP

    12288:0zCzLlICzsnTABPoPSjtR68rNoXPOxJb4s9OSqPHA+MhamywwOly:0Ov5sT4P568ref6JbN9GPwaRyly

Malware Config

Targets

    • Target

      UxTheme.dll.exe

    • Size

      716KB

    • MD5

      ded81afe8b52534d73556659df1526fd

    • SHA1

      6e3e2d5a9824efbe95b191dd3a95ecc5ffe2c13f

    • SHA256

      90b52bcddab0daf79a483788dd0bc954a820ebc0882deb6fb11a69e36bf61614

    • SHA512

      089b5fb44ff1bc6a737852d74f4fd7973c7bcb8f5b734a549d4ba3bc4bb9b7ac65f9384d07d051d8c546e903310b9d3ccdda66d0b1e4b06390949354fab4108a

    • SSDEEP

      12288:0zCzLlICzsnTABPoPSjtR68rNoXPOxJb4s9OSqPHA+MhamywwOly:0Ov5sT4P568ref6JbN9GPwaRyly

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v16

Tasks