Overview

overview

10

Static

static

3

f27d0ce1d6...18.dll

windows7-x64

10

f27d0ce1d6...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f27d0ce1d6f4f2dc3ca5cd5d21185e04_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240922-v1ww7a1erk

  • MD5

    f27d0ce1d6f4f2dc3ca5cd5d21185e04

  • SHA1

    ceb9a18cca6d60940ba6817f65b0c7d6c715ba9a

  • SHA256

    eee2e1a66ec290793a4c288e15f1517031ae55eb7af9a1f5215ca63366c067d0

  • SHA512

    55de677ed09b5cae3a18a799b010e09e2e33446f306b858d7b58adfcfc1aab83968320f898f354f28da57e86038b9c93d6a771760a8cc76e8481c1e9cc06a6ea

  • SSDEEP

    24576:PyTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:PyWRKTt/QlPVp3h9

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      f27d0ce1d6f4f2dc3ca5cd5d21185e04_JaffaCakes118

    • Size

      1.2MB

    • MD5

      f27d0ce1d6f4f2dc3ca5cd5d21185e04

    • SHA1

      ceb9a18cca6d60940ba6817f65b0c7d6c715ba9a

    • SHA256

      eee2e1a66ec290793a4c288e15f1517031ae55eb7af9a1f5215ca63366c067d0

    • SHA512

      55de677ed09b5cae3a18a799b010e09e2e33446f306b858d7b58adfcfc1aab83968320f898f354f28da57e86038b9c93d6a771760a8cc76e8481c1e9cc06a6ea

    • SSDEEP

      24576:PyTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:PyWRKTt/QlPVp3h9

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks