Overview

overview

10

Static

static

3

7ef24c1f5e...18.dll

windows7-x64

10

7ef24c1f5e...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7ef24c1f5e48c05ea044e0526927416a_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240801-dlekxstapd

  • MD5

    7ef24c1f5e48c05ea044e0526927416a

  • SHA1

    a6d769d027f54f788a6b4d81050de84b8250d948

  • SHA256

    604afec896aa6be5676ddf766bcf16e56c6822c5078cc40480bee754b305ff8c

  • SHA512

    6cedb29f93c705d9125d4acfc45c827ff06a703f21fbf650a204f20b0e0c9110eaf429e69dfcd96a0e10121849219494e523ec610fa3669719aa8d64ef29d583

  • SSDEEP

    24576:LuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:V9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      7ef24c1f5e48c05ea044e0526927416a_JaffaCakes118

    • Size

      1.2MB

    • MD5

      7ef24c1f5e48c05ea044e0526927416a

    • SHA1

      a6d769d027f54f788a6b4d81050de84b8250d948

    • SHA256

      604afec896aa6be5676ddf766bcf16e56c6822c5078cc40480bee754b305ff8c

    • SHA512

      6cedb29f93c705d9125d4acfc45c827ff06a703f21fbf650a204f20b0e0c9110eaf429e69dfcd96a0e10121849219494e523ec610fa3669719aa8d64ef29d583

    • SSDEEP

      24576:LuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:V9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks