Overview

overview

10

Static

static

3

b79de8bd57...18.dll

windows7-x64

10

b79de8bd57...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b79de8bd575fd4c340b9fa4352696533_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240822-pj8a1awgpb

  • MD5

    b79de8bd575fd4c340b9fa4352696533

  • SHA1

    7e1b2fab1003993cb117cae87b239b42e657a56d

  • SHA256

    5f809c22a4793c5f79ce37d5621580998d890837537e420d638ef1681964220d

  • SHA512

    1d573f55c41b7315076e602eccc5a5830fc284e63df96863350c19cb21f363703759ab404a324298ee9c4731b9399041814c5d53e194f15bc21c486118cf5d0a

  • SSDEEP

    24576:vuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:R9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      b79de8bd575fd4c340b9fa4352696533_JaffaCakes118

    • Size

      1.2MB

    • MD5

      b79de8bd575fd4c340b9fa4352696533

    • SHA1

      7e1b2fab1003993cb117cae87b239b42e657a56d

    • SHA256

      5f809c22a4793c5f79ce37d5621580998d890837537e420d638ef1681964220d

    • SHA512

      1d573f55c41b7315076e602eccc5a5830fc284e63df96863350c19cb21f363703759ab404a324298ee9c4731b9399041814c5d53e194f15bc21c486118cf5d0a

    • SSDEEP

      24576:vuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:R9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks