Overview

overview

10

Static

static

3

f0f02efa00...18.dll

windows7-x64

10

f0f02efa00...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f0f02efa0024435c1edf094743b7cdf6_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240922-a1qd7atbmq

  • MD5

    f0f02efa0024435c1edf094743b7cdf6

  • SHA1

    57dfa6f63f794f897e53b0eb582ef76e1a646ae0

  • SHA256

    f5c4a8d100074c8177cd39eb29e743cc48d5cc1b9eb17773c79b1465c0f0278d

  • SHA512

    196c9db8e6c57c7c6680869c4099c10b844cea7d73b6f9eb489e3948344a0870f498a7f64750bd60251496195a11ccd99359250fee16b8ea424fb2c93b51cece

  • SSDEEP

    24576:NyTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:NyWRKTt/QlPVp3h9

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      f0f02efa0024435c1edf094743b7cdf6_JaffaCakes118

    • Size

      1.2MB

    • MD5

      f0f02efa0024435c1edf094743b7cdf6

    • SHA1

      57dfa6f63f794f897e53b0eb582ef76e1a646ae0

    • SHA256

      f5c4a8d100074c8177cd39eb29e743cc48d5cc1b9eb17773c79b1465c0f0278d

    • SHA512

      196c9db8e6c57c7c6680869c4099c10b844cea7d73b6f9eb489e3948344a0870f498a7f64750bd60251496195a11ccd99359250fee16b8ea424fb2c93b51cece

    • SSDEEP

      24576:NyTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:NyWRKTt/QlPVp3h9

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks