Overview

overview

10

Static

static

3

3c312862b3...18.dll

windows7-x64

10

3c312862b3...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c312862b3890ab7608eeca53eabcbcf_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240729-jcmg3aydlp

  • MD5

    3c312862b3890ab7608eeca53eabcbcf

  • SHA1

    0adf76f8ff0a939e8dafbe58478cce931c23aaac

  • SHA256

    776f612a16174247f49917d83db7e39b14ab3a6565bf744b9078fbaf561ff973

  • SHA512

    644c4632d6e38efa06e42ea58a23722615b73019bd17d787bb6ce547454a1d0e8e7e1d19e4225b57c9810813408b8a50a099ed9fce889012a82dca47b26adba8

  • SSDEEP

    24576:6uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:i9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      3c312862b3890ab7608eeca53eabcbcf_JaffaCakes118

    • Size

      1.2MB

    • MD5

      3c312862b3890ab7608eeca53eabcbcf

    • SHA1

      0adf76f8ff0a939e8dafbe58478cce931c23aaac

    • SHA256

      776f612a16174247f49917d83db7e39b14ab3a6565bf744b9078fbaf561ff973

    • SHA512

      644c4632d6e38efa06e42ea58a23722615b73019bd17d787bb6ce547454a1d0e8e7e1d19e4225b57c9810813408b8a50a099ed9fce889012a82dca47b26adba8

    • SSDEEP

      24576:6uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:i9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks