Overview

overview

10

Static

static

3

a2c8e4117f...18.dll

windows7-x64

10

a2c8e4117f...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2c8e4117fbdd702afa7eaa9f3e4f45b_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240817-q5cxna1hkn

  • MD5

    a2c8e4117fbdd702afa7eaa9f3e4f45b

  • SHA1

    8ef8013bd3fba4a9db7c2b003797eb59f3cc05c8

  • SHA256

    40545a6526811c53e2e60af1d8df29607162db993879b289bddf2d2dab73e9d7

  • SHA512

    20864d7b6ec128bd32994562d15f08b0b599242909c922c2e6eb4498dd6e2cd6292ffced315d9f54b4cd689387b2b6c5a1a14fe9a83fc0e6d28138e16e5db83c

  • SSDEEP

    24576:guYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:w9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      a2c8e4117fbdd702afa7eaa9f3e4f45b_JaffaCakes118

    • Size

      1.2MB

    • MD5

      a2c8e4117fbdd702afa7eaa9f3e4f45b

    • SHA1

      8ef8013bd3fba4a9db7c2b003797eb59f3cc05c8

    • SHA256

      40545a6526811c53e2e60af1d8df29607162db993879b289bddf2d2dab73e9d7

    • SHA512

      20864d7b6ec128bd32994562d15f08b0b599242909c922c2e6eb4498dd6e2cd6292ffced315d9f54b4cd689387b2b6c5a1a14fe9a83fc0e6d28138e16e5db83c

    • SSDEEP

      24576:guYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:w9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks