Overview

overview

10

Static

static

3

73eb518270...18.dll

windows7-x64

10

73eb518270...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73eb5182708f94d4d29563da6ccaccb9_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240730-rng1qatbnn

  • MD5

    73eb5182708f94d4d29563da6ccaccb9

  • SHA1

    2dfcfa915d7877942745d3af43fe5d017a3fb0cc

  • SHA256

    e27f783be3af08c4f00e2b4db7c18fe736c86979491b2fc1e849b1e5fcf97b63

  • SHA512

    c959b398348a2514752d72a5fe7e8ff66ad19e577465efac1f03fe6861f22982f0af8e7e0e1e4639f7845b58fcbb1b45f42e55fb8af1a903f37691726ebc3071

  • SSDEEP

    24576:tuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:n9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      73eb5182708f94d4d29563da6ccaccb9_JaffaCakes118

    • Size

      1.2MB

    • MD5

      73eb5182708f94d4d29563da6ccaccb9

    • SHA1

      2dfcfa915d7877942745d3af43fe5d017a3fb0cc

    • SHA256

      e27f783be3af08c4f00e2b4db7c18fe736c86979491b2fc1e849b1e5fcf97b63

    • SHA512

      c959b398348a2514752d72a5fe7e8ff66ad19e577465efac1f03fe6861f22982f0af8e7e0e1e4639f7845b58fcbb1b45f42e55fb8af1a903f37691726ebc3071

    • SSDEEP

      24576:tuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:n9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks