Overview

overview

10

Static

static

3

fd08217e7b...18.dll

windows7-x64

10

fd08217e7b...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd08217e7bf39060422120e0bf0c3c55_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240928-ymle3stejm

  • MD5

    fd08217e7bf39060422120e0bf0c3c55

  • SHA1

    30b0479d71ea93a53e6ba7dc47c5f3cbf226de13

  • SHA256

    71589f5444e986a5cb4bd2043518f4209f7afa633c826b3f8471dba7a47a689f

  • SHA512

    c0aff810372c653b505c50abd8a21960dc951798102cf726373178f53fe7cf96d33f97baacd0b98e34eee4fa3416243fe0af4f3ef9f1ff5b3ba6eb194fe98208

  • SSDEEP

    24576:suYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:E9cKrUqZWLAcU

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      fd08217e7bf39060422120e0bf0c3c55_JaffaCakes118

    • Size

      1.2MB

    • MD5

      fd08217e7bf39060422120e0bf0c3c55

    • SHA1

      30b0479d71ea93a53e6ba7dc47c5f3cbf226de13

    • SHA256

      71589f5444e986a5cb4bd2043518f4209f7afa633c826b3f8471dba7a47a689f

    • SHA512

      c0aff810372c653b505c50abd8a21960dc951798102cf726373178f53fe7cf96d33f97baacd0b98e34eee4fa3416243fe0af4f3ef9f1ff5b3ba6eb194fe98208

    • SSDEEP

      24576:suYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:E9cKrUqZWLAcU

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks