General

  • Target

    ff3aa75e4d4637599d3e97fb8b42ce8a1254425f856671ae56377df2676b1033

  • Size

    1MB

  • Sample

    210928-ler7fabde4

  • MD5

    c50f692a715db805e68e9655ff6a9ab2

  • SHA1

    229b257301ed99d518364afd22c4276daa5b3d20

  • SHA256

    ff3aa75e4d4637599d3e97fb8b42ce8a1254425f856671ae56377df2676b1033

  • SHA512

    ad74f556ccef1f8fd4a3c18a18c27adcafd2f552025bf7f83864261c6944db5423c719ea161c341e593800499c6e01aba846031e79caf1e771b2b16e7d6e33d1

Malware Config

Targets

    • Target

      ff3aa75e4d4637599d3e97fb8b42ce8a1254425f856671ae56377df2676b1033

    • Size

      1MB

    • MD5

      c50f692a715db805e68e9655ff6a9ab2

    • SHA1

      229b257301ed99d518364afd22c4276daa5b3d20

    • SHA256

      ff3aa75e4d4637599d3e97fb8b42ce8a1254425f856671ae56377df2676b1033

    • SHA512

      ad74f556ccef1f8fd4a3c18a18c27adcafd2f552025bf7f83864261c6944db5423c719ea161c341e593800499c6e01aba846031e79caf1e771b2b16e7d6e33d1

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Payload

      Detects Dridex x64 core DLL in memory.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks