Overview

overview

10

Static

static

3

85ca9b6e2d...18.dll

windows7-x64

10

85ca9b6e2d...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85ca9b6e2d3628cea4badad665e74407_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240810-mz7cjawekk

  • MD5

    85ca9b6e2d3628cea4badad665e74407

  • SHA1

    951a6bd5f11a3e473a5e13b4cd9d76e1d8128fa5

  • SHA256

    09fb14c04c646802ded6085bf57fd6afd60d168d570cfed4db4ff7e820d0db72

  • SHA512

    b3fa6263f5fd2e72dd20b36100e2272cb823f899123525bb7176acfeb481aadde026ab5edf8163a51aba7236008cd3ec3aa3419f0d779052ed35b23975c1cd66

  • SSDEEP

    24576:QuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N9t:A9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      85ca9b6e2d3628cea4badad665e74407_JaffaCakes118

    • Size

      1.2MB

    • MD5

      85ca9b6e2d3628cea4badad665e74407

    • SHA1

      951a6bd5f11a3e473a5e13b4cd9d76e1d8128fa5

    • SHA256

      09fb14c04c646802ded6085bf57fd6afd60d168d570cfed4db4ff7e820d0db72

    • SHA512

      b3fa6263f5fd2e72dd20b36100e2272cb823f899123525bb7176acfeb481aadde026ab5edf8163a51aba7236008cd3ec3aa3419f0d779052ed35b23975c1cd66

    • SSDEEP

      24576:QuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N9t:A9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojanprivilege_escalation

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks