General

  • Target

    96705595655fd817156073e3d3efde3338e24c3afaef13e517153ae4b5218fc9

  • Size

    2.1MB

  • Sample

    210928-kpbrrsbbf3

  • MD5

    f8295446e335b679641637334c99242d

  • SHA1

    18b9a40791f1a52c70507b29d0b631510f2e33c6

  • SHA256

    96705595655fd817156073e3d3efde3338e24c3afaef13e517153ae4b5218fc9

  • SHA512

    82b140666adcf81d786ef650a4eeae44a133c23593e2ccb14a1bd0b262084dd937d2fe6546fd691ba859b376becbfc4f18e57459d8e9e6b2e20654cc227fd1b7

Malware Config

Targets

    • Target

      96705595655fd817156073e3d3efde3338e24c3afaef13e517153ae4b5218fc9

    • Size

      2.1MB

    • MD5

      f8295446e335b679641637334c99242d

    • SHA1

      18b9a40791f1a52c70507b29d0b631510f2e33c6

    • SHA256

      96705595655fd817156073e3d3efde3338e24c3afaef13e517153ae4b5218fc9

    • SHA512

      82b140666adcf81d786ef650a4eeae44a133c23593e2ccb14a1bd0b262084dd937d2fe6546fd691ba859b376becbfc4f18e57459d8e9e6b2e20654cc227fd1b7

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks