Overview

overview

10

Static

static

3

d7046a77ab...18.dll

windows7-x64

10

d7046a77ab...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d7046a77abea80c3feecd1943072d1b6_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240909-yxfbtaxeqm

  • MD5

    d7046a77abea80c3feecd1943072d1b6

  • SHA1

    d9896c3622da161c675d7ef431325b7fcca71886

  • SHA256

    c6925804ea54a33bcdcc830d09ffdd297160f57775da5c00d32e11339e07730c

  • SHA512

    3493cc0763646606dbf3483df2b6c76ed45b9412bf45f6cce0b499eb047fb209c0f84414e2a60ef5c8e2528c39241147467ec2948be4405aa8acd52e01b2b187

  • SSDEEP

    24576:suYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:E9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      d7046a77abea80c3feecd1943072d1b6_JaffaCakes118

    • Size

      1.2MB

    • MD5

      d7046a77abea80c3feecd1943072d1b6

    • SHA1

      d9896c3622da161c675d7ef431325b7fcca71886

    • SHA256

      c6925804ea54a33bcdcc830d09ffdd297160f57775da5c00d32e11339e07730c

    • SHA512

      3493cc0763646606dbf3483df2b6c76ed45b9412bf45f6cce0b499eb047fb209c0f84414e2a60ef5c8e2528c39241147467ec2948be4405aa8acd52e01b2b187

    • SSDEEP

      24576:suYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:E9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks