Overview

overview

10

Static

static

3

74cac0f859...18.dll

windows7-x64

10

74cac0f859...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74cac0f8595da4ae3dbbc1e923c8ce02_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240730-rzw9savblm

  • MD5

    74cac0f8595da4ae3dbbc1e923c8ce02

  • SHA1

    9d6e13762082cbee6a60eb76e4d5bbf48e5743f6

  • SHA256

    5532880b11bd9338a1512bd6dc6b81a629d4022c15930ef5646f854b8599a9ad

  • SHA512

    2166d74cef05f332ff43a4dc0dea9c2280405a4454e2c2a9ad4a7193cb1481c8beaa40e7c81b2b06b6af96d4cbd52f49d741911ff00c08d3108c5869a0c30346

  • SSDEEP

    24576:JuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NR:b9cKrUqZWLAcUJ

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      74cac0f8595da4ae3dbbc1e923c8ce02_JaffaCakes118

    • Size

      1.2MB

    • MD5

      74cac0f8595da4ae3dbbc1e923c8ce02

    • SHA1

      9d6e13762082cbee6a60eb76e4d5bbf48e5743f6

    • SHA256

      5532880b11bd9338a1512bd6dc6b81a629d4022c15930ef5646f854b8599a9ad

    • SHA512

      2166d74cef05f332ff43a4dc0dea9c2280405a4454e2c2a9ad4a7193cb1481c8beaa40e7c81b2b06b6af96d4cbd52f49d741911ff00c08d3108c5869a0c30346

    • SSDEEP

      24576:JuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NR:b9cKrUqZWLAcUJ

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks