Overview

overview

10

Static

static

3

b57ee7b151...18.dll

windows7-x64

10

b57ee7b151...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b57ee7b1519ce4f80831dcedad7662fe_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240821-3l4x9azhrj

  • MD5

    b57ee7b1519ce4f80831dcedad7662fe

  • SHA1

    772b5c112e52bb186fc006785765902f62325c87

  • SHA256

    9eee24f1910adf2f9f51d20686490ef331245fa9272895d3aba8a62f8f190c69

  • SHA512

    899ce395891a99312f1cb2fe1ae190456d611af9a5d56ad9a83bc8d46a8836db762566ab13703c774aaf5045e96fc06972cc5df3c5b1ef90f91d6807c2c226a6

  • SSDEEP

    24576:0uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:s9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      b57ee7b1519ce4f80831dcedad7662fe_JaffaCakes118

    • Size

      1.2MB

    • MD5

      b57ee7b1519ce4f80831dcedad7662fe

    • SHA1

      772b5c112e52bb186fc006785765902f62325c87

    • SHA256

      9eee24f1910adf2f9f51d20686490ef331245fa9272895d3aba8a62f8f190c69

    • SHA512

      899ce395891a99312f1cb2fe1ae190456d611af9a5d56ad9a83bc8d46a8836db762566ab13703c774aaf5045e96fc06972cc5df3c5b1ef90f91d6807c2c226a6

    • SSDEEP

      24576:0uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:s9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks