Overview

overview

10

Static

static

3

75041e0800...18.dll

windows7-x64

10

75041e0800...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75041e080029f4260716ff47118a17c9_JaffaCakes118

  • Size

    994KB

  • Sample

    240526-lchj8aec62

  • MD5

    75041e080029f4260716ff47118a17c9

  • SHA1

    fdc117f6d7d18d6598fc9567ede55f1e7d8ff660

  • SHA256

    c83732ddabc264f9189e924b6644cbc263292ffd804a71a6ae270cd35d271f6f

  • SHA512

    0f290adb6563ef04f7201fb8291f66b234aad9509ec4b99e1d9298e394934fce9460a701f28eac75575a1cec03bc7c83084ab2dc14d079ba474b92b6368c6e64

  • SSDEEP

    24576:lVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:lV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      75041e080029f4260716ff47118a17c9_JaffaCakes118

    • Size

      994KB

    • MD5

      75041e080029f4260716ff47118a17c9

    • SHA1

      fdc117f6d7d18d6598fc9567ede55f1e7d8ff660

    • SHA256

      c83732ddabc264f9189e924b6644cbc263292ffd804a71a6ae270cd35d271f6f

    • SHA512

      0f290adb6563ef04f7201fb8291f66b234aad9509ec4b99e1d9298e394934fce9460a701f28eac75575a1cec03bc7c83084ab2dc14d079ba474b92b6368c6e64

    • SSDEEP

      24576:lVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:lV8hf6STw1ZlQauvzSq01ICe6zvm

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks