Overview

overview

10

Static

static

3

f963cdd13e...18.dll

windows7-x64

10

f963cdd13e...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f963cdd13e8a02e085ad96942c7b697e_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240927-aleddavgrk

  • MD5

    f963cdd13e8a02e085ad96942c7b697e

  • SHA1

    c45bbdcfa0d01b667a899c580eaf672c17f6476e

  • SHA256

    d2b8767e0bc73b401800438a4249a81a7fc998d126f98ee574779b3629569e9c

  • SHA512

    442f9c643485bece188752fbac53aa9c2bfbbefc273c1b60e37d0e9625fdda2caf3ade1ebef99acb0964f015203c9ecea72cdb4250cf328b88b5ca8419a0701d

  • SSDEEP

    24576:iVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8v:iV8hf6STw1ZlQauvzSq01ICe6zvmU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      f963cdd13e8a02e085ad96942c7b697e_JaffaCakes118

    • Size

      1.2MB

    • MD5

      f963cdd13e8a02e085ad96942c7b697e

    • SHA1

      c45bbdcfa0d01b667a899c580eaf672c17f6476e

    • SHA256

      d2b8767e0bc73b401800438a4249a81a7fc998d126f98ee574779b3629569e9c

    • SHA512

      442f9c643485bece188752fbac53aa9c2bfbbefc273c1b60e37d0e9625fdda2caf3ade1ebef99acb0964f015203c9ecea72cdb4250cf328b88b5ca8419a0701d

    • SSDEEP

      24576:iVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8v:iV8hf6STw1ZlQauvzSq01ICe6zvmU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks