General

  • Target

    2c1cbd4e7a27c47468c2e806e5559c3680f1cd6497c33a65c0a565fe8bab1add

  • Size

    2.0MB

  • Sample

    210928-kpwf6sbcer

  • MD5

    24628d042b24ccca20dfc18374ee15c1

  • SHA1

    0deb91aa0e4c63080d71db61bfed0c7a5fb967ca

  • SHA256

    2c1cbd4e7a27c47468c2e806e5559c3680f1cd6497c33a65c0a565fe8bab1add

  • SHA512

    dd3c8457810dc1f17d1ea38be7d8884a89fd668a1b8b3d3d41f221e3997ef434e23a716433e7b214503e10649dba4830a1bf648c5a8dd23ff494d49a6d10aa23

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                            Count  ID
Persistence       Registry Run Keys / Startup Folder   1      T1060
Defense Evasion   Modify Registry                      1      T1112
Discovery         System Information Discovery         1      T1082

Tasks