Overview

overview

10

Static

static

3

f85ef19bb0...18.dll

windows7-x64

10

f85ef19bb0...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f85ef19bb03d5ca288b7b6aa1077168c_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240926-pmx97szfqg

  • MD5

    f85ef19bb03d5ca288b7b6aa1077168c

  • SHA1

    abfb99abb75dbdaa00e7b3827c22817180c3a016

  • SHA256

    3a5d69c3a2b52ad6d2eb5c1471ca4e93fbb17cae1bc33972a67c2aedda09581f

  • SHA512

    0a4d9fdc3ab4694f6ce9ef3dc5251d1f048a60bdf73ccde4e6e00c6074fa4ba69ead7aaa0c63ebdc83ce00a453c935c8a4b4f1953f709dfcd8d57be10e42e485

  • SSDEEP

    24576:QuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:A9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      f85ef19bb03d5ca288b7b6aa1077168c_JaffaCakes118

    • Size

      1.2MB

    • MD5

      f85ef19bb03d5ca288b7b6aa1077168c

    • SHA1

      abfb99abb75dbdaa00e7b3827c22817180c3a016

    • SHA256

      3a5d69c3a2b52ad6d2eb5c1471ca4e93fbb17cae1bc33972a67c2aedda09581f

    • SHA512

      0a4d9fdc3ab4694f6ce9ef3dc5251d1f048a60bdf73ccde4e6e00c6074fa4ba69ead7aaa0c63ebdc83ce00a453c935c8a4b4f1953f709dfcd8d57be10e42e485

    • SSDEEP

      24576:QuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:A9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks