Overview

overview

10

Static

static

3

fdf4a24f88...18.dll

windows7-x64

10

fdf4a24f88...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fdf4a24f88214b0a4f02a8669a7c5ff8_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240929-g3tb7aserp

  • MD5

    fdf4a24f88214b0a4f02a8669a7c5ff8

  • SHA1

    d187ad8ffee9d34bbb8dafc787dd3858fe47cfcf

  • SHA256

    a151a8221a96d0ae5359b263a82cdcaf6bc4be7e3272f8c2edcecd8691b7df7f

  • SHA512

    771d54ff126bff1ebc52614c9f62f639f6fa212cf95da56b6bb07df228b88eef30ba7ff2b0d9bc45209b946dec201b47436508b5cd60c21a486fdf2f33854822

  • SSDEEP

    24576:vVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8j3:vV8hf6STw1ZlQauvzSq01ICe6zvme

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      fdf4a24f88214b0a4f02a8669a7c5ff8_JaffaCakes118

    • Size

      1.2MB

    • MD5

      fdf4a24f88214b0a4f02a8669a7c5ff8

    • SHA1

      d187ad8ffee9d34bbb8dafc787dd3858fe47cfcf

    • SHA256

      a151a8221a96d0ae5359b263a82cdcaf6bc4be7e3272f8c2edcecd8691b7df7f

    • SHA512

      771d54ff126bff1ebc52614c9f62f639f6fa212cf95da56b6bb07df228b88eef30ba7ff2b0d9bc45209b946dec201b47436508b5cd60c21a486fdf2f33854822

    • SSDEEP

      24576:vVHchfFcSTdS1ZikTqpaIJvzSqbY/0Z2ZlECMNXkTlzvmJL8j3:vV8hf6STw1ZlQauvzSq01ICe6zvme

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks