Overview

overview

10

Static

static

3

32537f5052...18.dll

windows7-x64

10

32537f5052...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32537f50522e3740a5c02b2b70095c69_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240729-chmaxsxemr

  • MD5

    32537f50522e3740a5c02b2b70095c69

  • SHA1

    33c1010b9daea842501a2c4c854d4084d726880d

  • SHA256

    5f25e058ec1e4e713a06af4af810eaeee84640b5b6a3995d8bb384e06e958f74

  • SHA512

    660606f2c7cd54ae91a1be2fcbd41d52472ca3ac97880aefffa178b02f1c14df18a901b02267cfb58cfa441f123617f353ca7ce6d7c3b61daef5afb150d5b1e1

  • SSDEEP

    24576:guYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NF:w9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      32537f50522e3740a5c02b2b70095c69_JaffaCakes118

    • Size

      1.4MB

    • MD5

      32537f50522e3740a5c02b2b70095c69

    • SHA1

      33c1010b9daea842501a2c4c854d4084d726880d

    • SHA256

      5f25e058ec1e4e713a06af4af810eaeee84640b5b6a3995d8bb384e06e958f74

    • SHA512

      660606f2c7cd54ae91a1be2fcbd41d52472ca3ac97880aefffa178b02f1c14df18a901b02267cfb58cfa441f123617f353ca7ce6d7c3b61daef5afb150d5b1e1

    • SSDEEP

      24576:guYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NF:w9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks