Overview

overview

10

Static

static

3

946f198f08...18.dll

windows7-x64

10

946f198f08...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    946f198f08b87a5905b23ba3874d29f8_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240813-x8vefascld

  • MD5

    946f198f08b87a5905b23ba3874d29f8

  • SHA1

    415cd2e62beb581b477c633373aee2f0ab850035

  • SHA256

    abdd071d272c602d9eb594c38b82fab881b995e75614c0956470c44f7e1654a6

  • SHA512

    7806161254fb434014babf4794ff8bf8b1f4f2727a2fabd59d84b951fdbd28787bcf6a888f55620fb78161c5094eb99e5925884e8db473c08ccf96dfa944634b

  • SSDEEP

    24576:AuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:Q9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      946f198f08b87a5905b23ba3874d29f8_JaffaCakes118

    • Size

      1.2MB

    • MD5

      946f198f08b87a5905b23ba3874d29f8

    • SHA1

      415cd2e62beb581b477c633373aee2f0ab850035

    • SHA256

      abdd071d272c602d9eb594c38b82fab881b995e75614c0956470c44f7e1654a6

    • SHA512

      7806161254fb434014babf4794ff8bf8b1f4f2727a2fabd59d84b951fdbd28787bcf6a888f55620fb78161c5094eb99e5925884e8db473c08ccf96dfa944634b

    • SSDEEP

      24576:AuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:Q9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks