Overview

overview

10

Static

static

3

b273fa9743...18.dll

windows7-x64

10

b273fa9743...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b273fa97431153c131b5b9ae8d6f85b7_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240821-hf9akavalc

  • MD5

    b273fa97431153c131b5b9ae8d6f85b7

  • SHA1

    6747bd7ef216cdf6d23e500c2ca8c41e851b109e

  • SHA256

    f487a0f3b8ef34854390d1f67b57ead543c6a940a74bf00699264c183533cbe6

  • SHA512

    6bc9e750e65ae49fa76d6fc1447b3386c79cf434871e75a5b6f2307ccd35b9105c8b6e5eafd610e618ce36ac4089cecd2c739ed05cb9bf9944327b40fcbc2e1c

  • SSDEEP

    24576:GuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:m9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      b273fa97431153c131b5b9ae8d6f85b7_JaffaCakes118

    • Size

      1.2MB

    • MD5

      b273fa97431153c131b5b9ae8d6f85b7

    • SHA1

      6747bd7ef216cdf6d23e500c2ca8c41e851b109e

    • SHA256

      f487a0f3b8ef34854390d1f67b57ead543c6a940a74bf00699264c183533cbe6

    • SHA512

      6bc9e750e65ae49fa76d6fc1447b3386c79cf434871e75a5b6f2307ccd35b9105c8b6e5eafd610e618ce36ac4089cecd2c739ed05cb9bf9944327b40fcbc2e1c

    • SSDEEP

      24576:GuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:m9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojanprivilege_escalation

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks