Overview

overview

10

Static

static

3

e5ce7011f6...18.dll

windows7-x64

10

e5ce7011f6...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5ce7011f68ebaaeb173f310c34f87d2_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240917-ab2e6awhqm

  • MD5

    e5ce7011f68ebaaeb173f310c34f87d2

  • SHA1

    b64a4c56ef7f6a6576a0b0f75e3e271a28722d16

  • SHA256

    5201a4cd5b69c5e49689be7361c07bceaa2cb9bf8be47e15e44acd582f814359

  • SHA512

    4068e1a6ce54d215266a717be3760a21000776f4b9e3f595d5720230d68d8609f5c54e43af922200671353c8d3401433a0b9d80b6a2a475efd5f3ed326d4073d

  • SSDEEP

    24576:SVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:SV8hf6STw1ZlQauvzSq01ICe6zvm

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      e5ce7011f68ebaaeb173f310c34f87d2_JaffaCakes118

    • Size

      1.2MB

    • MD5

      e5ce7011f68ebaaeb173f310c34f87d2

    • SHA1

      b64a4c56ef7f6a6576a0b0f75e3e271a28722d16

    • SHA256

      5201a4cd5b69c5e49689be7361c07bceaa2cb9bf8be47e15e44acd582f814359

    • SHA512

      4068e1a6ce54d215266a717be3760a21000776f4b9e3f595d5720230d68d8609f5c54e43af922200671353c8d3401433a0b9d80b6a2a475efd5f3ed326d4073d

    • SSDEEP

      24576:SVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8:SV8hf6STw1ZlQauvzSq01ICe6zvm

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks