Overview

overview

10

Static

static

3

8edbc8966c...18.dll

windows7-x64

10

8edbc8966c...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8edbc8966c7188e465581d36300c7352_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240812-qfx7aswgkg

  • MD5

    8edbc8966c7188e465581d36300c7352

  • SHA1

    659416a2b57a6473f69f7ec5d31c8126f4e00ba5

  • SHA256

    b85dc997c286d5e1c94c544310837a28f8b7376d5ff40fbf0af80af9cc43cc8f

  • SHA512

    fc026ad358a33716ee1bab7f8ebe962c6b2350d3ce6f100c92d35ed69a6d2c6f8a4e95d9b59c1dfa9d00e8513dbd4cfef34df0b045344d8b08ec8820a6fb5d1f

  • SSDEEP

    24576:fuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:h9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      8edbc8966c7188e465581d36300c7352_JaffaCakes118

    • Size

      1.2MB

    • MD5

      8edbc8966c7188e465581d36300c7352

    • SHA1

      659416a2b57a6473f69f7ec5d31c8126f4e00ba5

    • SHA256

      b85dc997c286d5e1c94c544310837a28f8b7376d5ff40fbf0af80af9cc43cc8f

    • SHA512

      fc026ad358a33716ee1bab7f8ebe962c6b2350d3ce6f100c92d35ed69a6d2c6f8a4e95d9b59c1dfa9d00e8513dbd4cfef34df0b045344d8b08ec8820a6fb5d1f

    • SSDEEP

      24576:fuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:h9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks