Overview

overview

10

Static

static

3

e090a110c9...18.dll

windows7-x64

10

e090a110c9...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e090a110c92fd8946f94056dba3191a0_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240914-tvdmzstdre

  • MD5

    e090a110c92fd8946f94056dba3191a0

  • SHA1

    e4d9a011c12ba06f3afbdad94c6d65459f98d479

  • SHA256

    9b35e8390d3620e3c5a99040ea4c5ad6e3ec02a165b5cf788ceec7f31a68a4a0

  • SHA512

    15c822a0530564d4c16d11428d5f3afe260881b4e7db6225b650b71ed20f20629c13e4edf7fd5cf806951b7c7a9a7afee680fbdcda3b5e477b8f078ff7b1308b

  • SSDEEP

    24576:CuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:K9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      e090a110c92fd8946f94056dba3191a0_JaffaCakes118

    • Size

      1.4MB

    • MD5

      e090a110c92fd8946f94056dba3191a0

    • SHA1

      e4d9a011c12ba06f3afbdad94c6d65459f98d479

    • SHA256

      9b35e8390d3620e3c5a99040ea4c5ad6e3ec02a165b5cf788ceec7f31a68a4a0

    • SHA512

      15c822a0530564d4c16d11428d5f3afe260881b4e7db6225b650b71ed20f20629c13e4edf7fd5cf806951b7c7a9a7afee680fbdcda3b5e477b8f078ff7b1308b

    • SSDEEP

      24576:CuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:K9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks