Overview

overview

10

Static

static

3

ccdaece63d...18.dll

windows7-x64

10

ccdaece63d...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ccdaece63d6ac64a80d629b4600b457f_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240831-qbwgxavcqp

  • MD5

    ccdaece63d6ac64a80d629b4600b457f

  • SHA1

    71ce86f3f7908eeecd91a4dca36d68fb8e64f130

  • SHA256

    9886df6ecc914c70bd45014fddf8bf12d3d3b66431f24fddd9cc9bc56eca7dbe

  • SHA512

    f0755421fbe403d91b7fa7e6469ac2d10c697ac6763df6d230b25a5703936a9592024b712ab86a26a5c6576a38b2439af976619cc8a6e2ca3a3ed1b725c1f9b1

  • SSDEEP

    24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      ccdaece63d6ac64a80d629b4600b457f_JaffaCakes118

    • Size

      1.2MB

    • MD5

      ccdaece63d6ac64a80d629b4600b457f

    • SHA1

      71ce86f3f7908eeecd91a4dca36d68fb8e64f130

    • SHA256

      9886df6ecc914c70bd45014fddf8bf12d3d3b66431f24fddd9cc9bc56eca7dbe

    • SHA512

      f0755421fbe403d91b7fa7e6469ac2d10c697ac6763df6d230b25a5703936a9592024b712ab86a26a5c6576a38b2439af976619cc8a6e2ca3a3ed1b725c1f9b1

    • SSDEEP

      24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks