Overview

overview

10

Static

static

3

371af98fd5...18.dll

windows7-x64

10

371af98fd5...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    371af98fd5d1b6a8ecf30ab87a8ce6af_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240729-egqcassbqn

  • MD5

    371af98fd5d1b6a8ecf30ab87a8ce6af

  • SHA1

    ae32ecdcb944cc6f2bab0a65e06f3e93d3222edd

  • SHA256

    ef76520c0aed81b7d9370ec55c8b159f4e7ffe0266e3d7789e9e886179e17816

  • SHA512

    b63c15c5ebb0fecdf9b144d34b544b2d614fe7558ba7f6e626946fa75622745ec149e43270d30e204078244187ccafe889d6d9961d9cd85ca1dc6b8142d400eb

  • SSDEEP

    24576:2uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NA:29cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      371af98fd5d1b6a8ecf30ab87a8ce6af_JaffaCakes118

    • Size

      1.2MB

    • MD5

      371af98fd5d1b6a8ecf30ab87a8ce6af

    • SHA1

      ae32ecdcb944cc6f2bab0a65e06f3e93d3222edd

    • SHA256

      ef76520c0aed81b7d9370ec55c8b159f4e7ffe0266e3d7789e9e886179e17816

    • SHA512

      b63c15c5ebb0fecdf9b144d34b544b2d614fe7558ba7f6e626946fa75622745ec149e43270d30e204078244187ccafe889d6d9961d9cd85ca1dc6b8142d400eb

    • SSDEEP

      24576:2uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NA:29cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks