Overview

overview

10

Static

static

3

305ed1795e...18.dll

windows7-x64

10

305ed1795e...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    305ed1795e2e32ab6474f11e8a2b90da_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240729-bq89zszeqd

  • MD5

    305ed1795e2e32ab6474f11e8a2b90da

  • SHA1

    36691323644bafb435d160a6d91caabba435a6de

  • SHA256

    f2ddef77e116e27aaf7edd19d8e311c890be77abd321a104a19bb4beb6a760d5

  • SHA512

    eab5c510385fef3fc598f15b65c6b91e966ba1590de17c839e4a5a9816526463f91501a5006209e781e15befd240ff7cdb53e57103dabd319483598926f85500

  • SSDEEP

    24576:yuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:a9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      305ed1795e2e32ab6474f11e8a2b90da_JaffaCakes118

    • Size

      1.2MB

    • MD5

      305ed1795e2e32ab6474f11e8a2b90da

    • SHA1

      36691323644bafb435d160a6d91caabba435a6de

    • SHA256

      f2ddef77e116e27aaf7edd19d8e311c890be77abd321a104a19bb4beb6a760d5

    • SHA512

      eab5c510385fef3fc598f15b65c6b91e966ba1590de17c839e4a5a9816526463f91501a5006209e781e15befd240ff7cdb53e57103dabd319483598926f85500

    • SSDEEP

      24576:yuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:a9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks