Overview

overview

10

Static

static

3

9cdb43c23c...18.dll

windows7-x64

10

9cdb43c23c...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9cdb43c23cbe72a36e8ace440955fbb8_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240816-egnhpsxhrm

  • MD5

    9cdb43c23cbe72a36e8ace440955fbb8

  • SHA1

    738d4cbc3da26c3dce6efe3f42d960cb6d504ac6

  • SHA256

    580717185d7152b8d9b743535f769b840dc8387ed3fc4cf61d411a6733afef1d

  • SHA512

    6ff44db456afbc663d751af9984f037dcdf2fb8b70de6141748904508e0f730375b1f6b7903031c617336048187c955efe48a6082f31edfedea6583baf5d430f

  • SSDEEP

    24576:2uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:29cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      9cdb43c23cbe72a36e8ace440955fbb8_JaffaCakes118

    • Size

      1.2MB

    • MD5

      9cdb43c23cbe72a36e8ace440955fbb8

    • SHA1

      738d4cbc3da26c3dce6efe3f42d960cb6d504ac6

    • SHA256

      580717185d7152b8d9b743535f769b840dc8387ed3fc4cf61d411a6733afef1d

    • SHA512

      6ff44db456afbc663d751af9984f037dcdf2fb8b70de6141748904508e0f730375b1f6b7903031c617336048187c955efe48a6082f31edfedea6583baf5d430f

    • SSDEEP

      24576:2uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:29cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks