Overview

overview

10

Static

static

3

33a896d618...18.dll

windows7-x64

10

33a896d618...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    33a896d6184851ee490f07f6ef499b73_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240729-c3fc4sshrg

  • MD5

    33a896d6184851ee490f07f6ef499b73

  • SHA1

    fa9db1c9c6256ae0dbbb02593ca853df3f31f171

  • SHA256

    184451839f912dfa47548af44b5f0c8a62e084a23abe992b3cd301208c190823

  • SHA512

    1140bde17fe9f76a65b51960526d6d0b2db68a031c1e55689ce2369406f1436f3028f7154119b154516a576a3298ff7efd8e8d46af491647cd0c4e2f88d8319e

  • SSDEEP

    24576:3uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:59cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      33a896d6184851ee490f07f6ef499b73_JaffaCakes118

    • Size

      1.2MB

    • MD5

      33a896d6184851ee490f07f6ef499b73

    • SHA1

      fa9db1c9c6256ae0dbbb02593ca853df3f31f171

    • SHA256

      184451839f912dfa47548af44b5f0c8a62e084a23abe992b3cd301208c190823

    • SHA512

      1140bde17fe9f76a65b51960526d6d0b2db68a031c1e55689ce2369406f1436f3028f7154119b154516a576a3298ff7efd8e8d46af491647cd0c4e2f88d8319e

    • SSDEEP

      24576:3uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:59cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojanprivilege_escalation

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks