Overview

overview

10

Static

static

3

f7be1eab25...18.dll

windows7-x64

10

f7be1eab25...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f7be1eab255e2a375ea6beedd7d8a764_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240926-gyps7s1hpm

  • MD5

    f7be1eab255e2a375ea6beedd7d8a764

  • SHA1

    64eb172fc246f70cf745e0a25fd74276fa7faf33

  • SHA256

    997d7cb2cc9b826d90e614f7f65398727a87682c4bdcde9dc34538db1bfdb334

  • SHA512

    2ca17e868ab645f3619fe9a74165989f513e403a38d84e430caf43ef432595699d74149a010f7d6b5b17f6f275c7c26dd8743c92ba670859d5bd02e4c73ef3a8

  • SSDEEP

    24576:LuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:V9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      f7be1eab255e2a375ea6beedd7d8a764_JaffaCakes118

    • Size

      1.2MB

    • MD5

      f7be1eab255e2a375ea6beedd7d8a764

    • SHA1

      64eb172fc246f70cf745e0a25fd74276fa7faf33

    • SHA256

      997d7cb2cc9b826d90e614f7f65398727a87682c4bdcde9dc34538db1bfdb334

    • SHA512

      2ca17e868ab645f3619fe9a74165989f513e403a38d84e430caf43ef432595699d74149a010f7d6b5b17f6f275c7c26dd8743c92ba670859d5bd02e4c73ef3a8

    • SSDEEP

      24576:LuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:V9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks