Overview

overview

10

Static

static

3

060a84bec4...18.dll

windows7-x64

10

060a84bec4...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    060a84bec4029d28ef32d2da09fb89f0_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240728-c1ry5awgka

  • MD5

    060a84bec4029d28ef32d2da09fb89f0

  • SHA1

    01e4f103c7a644f11551433cd78daacb6fa120f2

  • SHA256

    a6db43ae471602cfbfd5321b0536f3afcc8b0314e54768fa4f593303193a7337

  • SHA512

    3e558efe6d582d27f042bcdda3b63c5075217a4cc1107474686c08fdac08d673c168bd61c1effe81e90d66401d3f5b75a15e61bb26a6af5fad4fc88d26ef1b0d

  • SSDEEP

    24576:zuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:99cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      060a84bec4029d28ef32d2da09fb89f0_JaffaCakes118

    • Size

      1.2MB

    • MD5

      060a84bec4029d28ef32d2da09fb89f0

    • SHA1

      01e4f103c7a644f11551433cd78daacb6fa120f2

    • SHA256

      a6db43ae471602cfbfd5321b0536f3afcc8b0314e54768fa4f593303193a7337

    • SHA512

      3e558efe6d582d27f042bcdda3b63c5075217a4cc1107474686c08fdac08d673c168bd61c1effe81e90d66401d3f5b75a15e61bb26a6af5fad4fc88d26ef1b0d

    • SSDEEP

      24576:zuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:99cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks