Overview

overview

10

Static

static

3

563694b5b3...18.dll

windows7-x64

10

563694b5b3...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    563694b5b3e24156272e80505a060dfb_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240718-fjcpnawckk

  • MD5

    563694b5b3e24156272e80505a060dfb

  • SHA1

    e95033c6a1c1a711134aedc993f56b953cd86efb

  • SHA256

    692edebbe453068bc42b4ca091ef8eaf27c544777b71b2f17930bde34cd67698

  • SHA512

    7fe4a9bb7d9ed79a7aba262c0bbb664ff2c6685a61ef8810f7b30fe17a888c44adfa2427c896087d567511098745c1e876f4f326024e9302248f9df83c0dba6a

  • SSDEEP

    12288:rVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:qfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      563694b5b3e24156272e80505a060dfb_JaffaCakes118

    • Size

      1.2MB

    • MD5

      563694b5b3e24156272e80505a060dfb

    • SHA1

      e95033c6a1c1a711134aedc993f56b953cd86efb

    • SHA256

      692edebbe453068bc42b4ca091ef8eaf27c544777b71b2f17930bde34cd67698

    • SHA512

      7fe4a9bb7d9ed79a7aba262c0bbb664ff2c6685a61ef8810f7b30fe17a888c44adfa2427c896087d567511098745c1e876f4f326024e9302248f9df83c0dba6a

    • SSDEEP

      12288:rVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:qfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks