Overview

overview

10

Static

static

3

7cb39a9582...18.dll

windows7-x64

10

7cb39a9582...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7cb39a958205ae575a11bcfbecd2923b_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240731-rdy69axbkm

  • MD5

    7cb39a958205ae575a11bcfbecd2923b

  • SHA1

    c098dbee02a9f5b0185a097d2907d05611c06d5d

  • SHA256

    c239b07bc04c591ebb22d3ec9be5a81b73b5b36b80b867e49447284c180ad00d

  • SHA512

    6897ce3683f63a898fb5859a8641833cc0bf230275f1cf5d8d1741b483ef660ab5ba7c323fecd9c8f28abcf5d606c4098a2e12dc9779c0016bae9eee43e06f34

  • SSDEEP

    24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      7cb39a958205ae575a11bcfbecd2923b_JaffaCakes118

    • Size

      1.2MB

    • MD5

      7cb39a958205ae575a11bcfbecd2923b

    • SHA1

      c098dbee02a9f5b0185a097d2907d05611c06d5d

    • SHA256

      c239b07bc04c591ebb22d3ec9be5a81b73b5b36b80b867e49447284c180ad00d

    • SHA512

      6897ce3683f63a898fb5859a8641833cc0bf230275f1cf5d8d1741b483ef660ab5ba7c323fecd9c8f28abcf5d606c4098a2e12dc9779c0016bae9eee43e06f34

    • SSDEEP

      24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojanprivilege_escalation

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks