Overview

overview

10

Static

static

3

6d8bf02033...18.dll

windows7-x64

10

6d8bf02033...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d8bf02033dde545d05351f631980308_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240730-b4azca1fpn

  • MD5

    6d8bf02033dde545d05351f631980308

  • SHA1

    e3c3e55f963bd4df788dccd21f11c8e0f6c33542

  • SHA256

    81bfe8da0570d8f0bee3ac1e95c73ea4617601bb23c33d0e3431ea9e3db93baa

  • SHA512

    76d35b440a86c108b038df0163a02481fae95d78e97aef3de74152e33e9f3ab04ffedb73639b400020f1f362daa28d256933ef121cb8d134cab46dc6ad675d3e

  • SSDEEP

    24576:HuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NvE:p9cKrUqZWLAcUH

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      6d8bf02033dde545d05351f631980308_JaffaCakes118

    • Size

      1.2MB

    • MD5

      6d8bf02033dde545d05351f631980308

    • SHA1

      e3c3e55f963bd4df788dccd21f11c8e0f6c33542

    • SHA256

      81bfe8da0570d8f0bee3ac1e95c73ea4617601bb23c33d0e3431ea9e3db93baa

    • SHA512

      76d35b440a86c108b038df0163a02481fae95d78e97aef3de74152e33e9f3ab04ffedb73639b400020f1f362daa28d256933ef121cb8d134cab46dc6ad675d3e

    • SSDEEP

      24576:HuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NvE:p9cKrUqZWLAcUH

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks