Overview

overview

10

Static

static

3

ef144112ab...18.dll

windows7-x64

10

ef144112ab...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef144112ab3bd4e5fede0a35175b0865_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240921-e8p6lsvhkk

  • MD5

    ef144112ab3bd4e5fede0a35175b0865

  • SHA1

    ea9e920ef55c48d710b9dbd593ba87e1da2f1b35

  • SHA256

    a63b33397161f4ae306b3304283359d24e52c75aef053ef690794cc664069c91

  • SHA512

    15f45026594769fddeed6ff1f60f15b27cab2492bd12d4d5d910abdab1802e281540823bcde73c0eab38ecd5ab8bc38054b3d7da6db3bb71a4c1b8fd0d236ee1

  • SSDEEP

    24576:2uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:29cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      ef144112ab3bd4e5fede0a35175b0865_JaffaCakes118

    • Size

      1.2MB

    • MD5

      ef144112ab3bd4e5fede0a35175b0865

    • SHA1

      ea9e920ef55c48d710b9dbd593ba87e1da2f1b35

    • SHA256

      a63b33397161f4ae306b3304283359d24e52c75aef053ef690794cc664069c91

    • SHA512

      15f45026594769fddeed6ff1f60f15b27cab2492bd12d4d5d910abdab1802e281540823bcde73c0eab38ecd5ab8bc38054b3d7da6db3bb71a4c1b8fd0d236ee1

    • SSDEEP

      24576:2uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:29cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks