Overview

overview

10

Static

static

3

cb97f3b10b...18.dll

windows7-x64

10

cb97f3b10b...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb97f3b10b212687f53bd9a867b48792_JaffaCakes118

  • Size

    989KB

  • Sample

    240830-y3l2jstckb

  • MD5

    cb97f3b10b212687f53bd9a867b48792

  • SHA1

    af2894245835fca466a102b9cc5269ba2e4d8cd6

  • SHA256

    028d57c42088b9a1346732bb9d7d19c2324293e9e7e1d7b39e602edaa9c878de

  • SHA512

    977ba2dcd9c2ebd059ebf35c9b010c45dc8d80c1b3105ee1607bd99dc663517a126a8c4a3726bacd84d5545a14c921d689537dee31b7e6db15075ffda9e2ac66

  • SSDEEP

    24576:xVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:xV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      cb97f3b10b212687f53bd9a867b48792_JaffaCakes118

    • Size

      989KB

    • MD5

      cb97f3b10b212687f53bd9a867b48792

    • SHA1

      af2894245835fca466a102b9cc5269ba2e4d8cd6

    • SHA256

      028d57c42088b9a1346732bb9d7d19c2324293e9e7e1d7b39e602edaa9c878de

    • SHA512

      977ba2dcd9c2ebd059ebf35c9b010c45dc8d80c1b3105ee1607bd99dc663517a126a8c4a3726bacd84d5545a14c921d689537dee31b7e6db15075ffda9e2ac66

    • SSDEEP

      24576:xVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:xV8hf6STw1ZlQauvzSq01ICe6zvm

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks