Overview

overview

10

Static

static

3

31b7ddc62f...18.dll

windows7-x64

10

31b7ddc62f...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31b7ddc62f5f53c4e73e7e6fc2ac8a8e_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240729-b97v9s1erh

  • MD5

    31b7ddc62f5f53c4e73e7e6fc2ac8a8e

  • SHA1

    90bc55e8741ad80cc692f8916879afe1136d300c

  • SHA256

    d62f7d5f5612a00f40af40dd9e4d077879f57a394e6c54cfdd8ac3c643212844

  • SHA512

    2c1de038b2c6a2b090f0f17a1fc0118bbed7837496a7c7df345295039d16e1731c5274cde666880b5323eed51547b10a93a22efd7d2deffd14f0bcc1e8f611dc

  • SSDEEP

    24576:luYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:f9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      31b7ddc62f5f53c4e73e7e6fc2ac8a8e_JaffaCakes118

    • Size

      1.2MB

    • MD5

      31b7ddc62f5f53c4e73e7e6fc2ac8a8e

    • SHA1

      90bc55e8741ad80cc692f8916879afe1136d300c

    • SHA256

      d62f7d5f5612a00f40af40dd9e4d077879f57a394e6c54cfdd8ac3c643212844

    • SHA512

      2c1de038b2c6a2b090f0f17a1fc0118bbed7837496a7c7df345295039d16e1731c5274cde666880b5323eed51547b10a93a22efd7d2deffd14f0bcc1e8f611dc

    • SSDEEP

      24576:luYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:f9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojanprivilege_escalation

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks