Overview

overview

10

Static

static

3

7800b9d0be...18.dll

windows7-x64

10

7800b9d0be...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7800b9d0be9bce9e13706e9a738321cc_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240730-s4jd6axajj

  • MD5

    7800b9d0be9bce9e13706e9a738321cc

  • SHA1

    6e4efb0b9602f6400ae735dc734f94faeeaede35

  • SHA256

    d2f5888941801c183beb9683356f780eaf0b66a94b595a8db0a52b32db5034d1

  • SHA512

    dbb62a792651abc3f2a5d2a689f52c58eebdd7c6f448d2f10579f961f6691ef3e37079afe81dd52580cbd2aa2bb02228a06240d8aca4e83667c66c1e6007c68a

  • SSDEEP

    24576:HuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NXwF:p9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      7800b9d0be9bce9e13706e9a738321cc_JaffaCakes118

    • Size

      1.2MB

    • MD5

      7800b9d0be9bce9e13706e9a738321cc

    • SHA1

      6e4efb0b9602f6400ae735dc734f94faeeaede35

    • SHA256

      d2f5888941801c183beb9683356f780eaf0b66a94b595a8db0a52b32db5034d1

    • SHA512

      dbb62a792651abc3f2a5d2a689f52c58eebdd7c6f448d2f10579f961f6691ef3e37079afe81dd52580cbd2aa2bb02228a06240d8aca4e83667c66c1e6007c68a

    • SSDEEP

      24576:HuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NXwF:p9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks