Overview

overview

10

Static

static

3

84e153b09c...18.dll

windows7-x64

10

84e153b09c...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    84e153b09cdcf94c51fb28dd948c40ce_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240810-fmblrs1bqd

  • MD5

    84e153b09cdcf94c51fb28dd948c40ce

  • SHA1

    a62a91ac31a93b7e788388017017dcaddafc2c50

  • SHA256

    cae8edf96ad41267994ab6e5ed6831a50acf695c3a706f4b5fa0fbc41d9efc6d

  • SHA512

    23fbe66b8768326e23f657d57e6643e38dd19d137c42594fb73c946680b3114871e20a1695fc58c979fe1de77f0eba4f9dda97c76828949a93d1cc24b306ac85

  • SSDEEP

    24576:MuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:k9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      84e153b09cdcf94c51fb28dd948c40ce_JaffaCakes118

    • Size

      1.2MB

    • MD5

      84e153b09cdcf94c51fb28dd948c40ce

    • SHA1

      a62a91ac31a93b7e788388017017dcaddafc2c50

    • SHA256

      cae8edf96ad41267994ab6e5ed6831a50acf695c3a706f4b5fa0fbc41d9efc6d

    • SHA512

      23fbe66b8768326e23f657d57e6643e38dd19d137c42594fb73c946680b3114871e20a1695fc58c979fe1de77f0eba4f9dda97c76828949a93d1cc24b306ac85

    • SSDEEP

      24576:MuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:k9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks