Overview

overview

10

Static

static

3

7051b4e076...18.dll

windows7-x64

10

7051b4e076...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7051b4e07604f97d31c07ff0f83c9620_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240730-qdzx4szfpp

  • MD5

    7051b4e07604f97d31c07ff0f83c9620

  • SHA1

    9585328616c046d78fd9a9cd61c98ca4504ada1a

  • SHA256

    7da26cae9e489fcf070ff979bb244ed218c0b0fb16b33f36a0079c8b394ae41e

  • SHA512

    9665b1fab2412dec8035e0c89a9395b5bb46534a7a0b4317e06046c35a5cf26a1cd14ac0df62355d875be2a3ce8a956fddcda21fa01e32175da2af62639da6b6

  • SSDEEP

    24576:nuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9Nnpt:J9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      7051b4e07604f97d31c07ff0f83c9620_JaffaCakes118

    • Size

      1.2MB

    • MD5

      7051b4e07604f97d31c07ff0f83c9620

    • SHA1

      9585328616c046d78fd9a9cd61c98ca4504ada1a

    • SHA256

      7da26cae9e489fcf070ff979bb244ed218c0b0fb16b33f36a0079c8b394ae41e

    • SHA512

      9665b1fab2412dec8035e0c89a9395b5bb46534a7a0b4317e06046c35a5cf26a1cd14ac0df62355d875be2a3ce8a956fddcda21fa01e32175da2af62639da6b6

    • SSDEEP

      24576:nuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9Nnpt:J9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks