General

  • Target

    a77ea170351ac991900e99d6ab82ba94_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240818-vk1v7stgqd

  • MD5

    a77ea170351ac991900e99d6ab82ba94

  • SHA1

    89883fdfd9b195314c5f11c9f3a6f11f1ac54481

  • SHA256

    2c09684615691cd1f32ce11fc79ac9d166f341082f8d699b1f8c23322fe87281

  • SHA512

    b0b5bce4389d55febe02120e620b27fb20a938d1e35de20402815028ccc6c897fc6eb37df6e394dd8a47b1fb18ff71d21efc6f1d0d08d392de2acdb5efc8525c

  • SSDEEP

    24576:5uYfQ4rhHr4NFXa5O1aUiDBv52+IT3WpclO9N:bdca7Uq5WbQcU

Malware Config

Targets

    • Target

      a77ea170351ac991900e99d6ab82ba94_JaffaCakes118

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks