General

  • Target

    d24290c72ad04d54e46acbe21b617c43_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240907-szd9ms1akq

  • MD5

    d24290c72ad04d54e46acbe21b617c43

  • SHA1

    b7a91df70b0620b578a3d709b5af18b2d8eb8f33

  • SHA256

    c45a7ae23c315e0e5cb56d1bfe89d4a5ab30194c99f6f16b814d246f787c24de

  • SHA512

    d07efe41fc582b3d838d6e6191af14737b9733455bb57baad38a77aa066cb8a9dbd36678810fbaf27cbf8bf9dffa59529dd9f078bd32e4131c4da5dffe835da6

  • SSDEEP

    12288:VdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0TOt:7MIJxSDX3bqjhcfHk7MzH6zyt
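
A quick way to confirm that a file you are about to detonate or hunt for is the sample this report describes is to recompute the digests above and compare them; a match on only one algorithm points at a typo in an IOC list rather than at the sample. The following script is an added example, not code from the sandbox that produced this report. It uses only the standard library, so the SSDEEP context hash is left out (it needs the third-party ssdeep or ppdeep package); the `file_digests` helper and the command-line entry point are assumptions for illustration.

```python
"""Verify a file against the digests listed in this report (added example)."""
import hashlib
import sys

# Digests copied from the report's General section.
REPORT_DIGESTS = {
    "md5": "d24290c72ad04d54e46acbe21b617c43",
    "sha1": "b7a91df70b0620b578a3d709b5af18b2d8eb8f33",
    "sha256": "c45a7ae23c315e0e5cb56d1bfe89d4a5ab30194c99f6f16b814d246f787c24de",
    "sha512": "d07efe41fc582b3d838d6e6191af14737b9733455bb57baad38a77aa066cb8a9"
              "dbd36678810fbaf27cbf8bf9dffa59529dd9f078bd32e4131c4da5dffe835da6",
}


def digests(data: bytes) -> dict:
    """Compute every algorithm the report lists over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def file_digests(path: str, chunk: int = 1 << 20) -> dict:
    """Same as digests() but streamed from disk, so large samples are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(got: dict) -> dict:
    """Per-algorithm match flags against the report. All True: this is the sample.
    All False: a different file. Mixed: an IOC copy error or a collision; do not trust it."""
    return {name: got[name].lower() == expected for name, expected in REPORT_DIGESTS.items()}


def is_report_sample(data: bytes) -> bool:
    """True only when every listed digest agrees with the report."""
    return all(compare(digests(data)).values())


if __name__ == "__main__":
    # Usage (assumed CLI): python check_sample.py <path-to-file>
    for name, ok in compare(file_digests(sys.argv[1])).items():
        print(f"{name:7s} {'MATCH' if ok else 'differs'}")
```

Hash the candidate file before it is unpacked or renamed; the `_JaffaCakes118` suffix in the target name is a sandbox-side label, not part of the original filename, so matching on the digests rather than the name is the reliable check.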

Malware Config

Targets

    • Target

      d24290c72ad04d54e46acbe21b617c43_JaffaCakes118

    • Size

      1.1MB

    • MD5

      d24290c72ad04d54e46acbe21b617c43

    • SHA1

      b7a91df70b0620b578a3d709b5af18b2d8eb8f33

    • SHA256

      c45a7ae23c315e0e5cb56d1bfe89d4a5ab30194c99f6f16b814d246f787c24de

    • SHA512

      d07efe41fc582b3d838d6e6191af14737b9733455bb57baad38a77aa066cb8a9dbd36678810fbaf27cbf8bf9dffa59529dd9f078bd32e4131c4da5dffe835da6

    • SSDEEP

      12288:VdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0TOt:7MIJxSDX3bqjhcfHk7MzH6zyt

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Dridex payload

      Detects the Dridex x64 core DLL in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
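
The four behavioural signatures above (a dropped executable being run, a dropped DLL being loaded, a Run key being written, and shellcode landing in Explorer) are the ones worth turning into host telemetry logic, because they are generic to Dridex loaders rather than tied to this one file's hashes. The script below is an added example, not part of the report or of the sandbox's own rule set: it replays a constructed sequence of Sysmon-style events (process create 1, image load 7, CreateRemoteThread 8, file create 11, registry value set 13) and emits hits named after the report's signatures. The file paths, process IDs, SID and registry value name in the event list are invented; the field names are reduced to what the checks need.

```python
"""Behavioural triage over constructed Sysmon-style events (added example)."""
import ntpath
import re

# Run / RunOnce under any hive; Sysmon reports HKU\<SID>\... for per-user keys.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

DROPPER = r"C:\Users\victim\AppData\Local\Temp\d24290c72ad04d54e46acbe21b617c43_JaffaCakes118.exe"
STAGE2 = r"C:\Users\victim\AppData\Roaming\Ksjw\klop.exe"      # invented path
CORE_DLL = r"C:\Users\victim\AppData\Roaming\Ksjw\vbap.dll"    # invented path
RUN_VALUE = (r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
             r"\Software\Microsoft\Windows\CurrentVersion\Run\Ksjw")  # invented SID and value

# Constructed event stream, in the order the sandbox would have observed it.
EVENTS = [
    {"id": 1, "pid": 4100, "image": DROPPER},
    {"id": 11, "pid": 4100, "target": STAGE2},
    {"id": 11, "pid": 4100, "target": CORE_DLL},
    {"id": 1, "pid": 4212, "ppid": 4100, "image": STAGE2},
    {"id": 7, "pid": 4212, "image": STAGE2, "loaded": CORE_DLL},
    {"id": 13, "pid": 4212, "target": RUN_VALUE, "details": STAGE2},
    {"id": 8, "pid": 4212, "source": STAGE2, "target": r"C:\Windows\explorer.exe"},
    {"id": 7, "pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Windows\System32\ntdll.dll"},               # benign noise
]

SIGNATURES = (
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Dridex Shellcode",
)


def triage(events):
    """Single ordered pass: a file only counts as 'dropped' once an EID 11 for it
    has been seen, so an image that merely shares a name with a later drop is ignored."""
    dropped = set()
    hits = {name: [] for name in SIGNATURES}
    for e in events:
        eid = e["id"]
        if eid == 11:
            dropped.add(e["target"].lower())
        elif eid == 1 and e["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(e["image"])
        elif eid == 7 and e["loaded"].lower() in dropped:
            hits["Loads dropped DLL"].append(e["loaded"])
        elif eid == 13 and RUN_KEY_RE.search(e["target"]):
            hits["Adds Run key to start application"].append((e["target"], e["details"]))
        elif eid == 8 and ntpath.basename(e["target"]).lower() == "explorer.exe":
            # Remote thread into Explorer: the injection the "Dridex Shellcode" rule keys on.
            hits["Dridex Shellcode"].append(e["source"])
    return {name: found for name, found in hits.items() if found}


def persistence_targets(events):
    """Paths the Run keys point at; these are what to pull for the payload extractor."""
    return [details for _, details in triage(events).get("Adds Run key to start application", [])]


if __name__ == "__main__":
    for name, found in triage(EVENTS).items():
        print(f"[{name}]")
        for item in found:
            print(f"    {item}")
```

Two caveats a practitioner would add. First, the report's "Checks whether UAC is enabled" signature comes from the sandbox observing a registry read of EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; Sysmon only records value writes (EID 12/13/14), so that check has no equivalent in this telemetry and needs an API monitor or ETW registry-read provider. Second, EID 8 (CreateRemoteThread) is the classic injection signal, but loaders that use queued APCs or thread hijacking never raise it, so on a real host pair the rule with an EID 10 check for suspicious access to explorer.exe.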

MITRE ATT&CK Enterprise v15

Tasks