General

  • Target

    26976ba397f41991ffdeeff1031bf052_JaffaCakes118

  • Size

    973KB

  • Sample

    241008-2pfjdsvdjj

  • MD5

    26976ba397f41991ffdeeff1031bf052

  • SHA1

    a0978b28fd4ccba8529a9aab00bc370abb1508ff

  • SHA256

    9277022581a6a6565e4a1f7dd5b2c499cf62fd8e176450c0f4b2dca9fc70ce47

  • SHA512

    8665cefa87ce3698443d317e50a71f6baf45467cd1271b2799b49259c634ef742fb1ba95916f482012dd877dec452ea5efdd95c77008e6d5d37a1566034f40ac

  • SSDEEP

    24576:NIuIxBOQNcKv8RtflMQazYZPT29BL0qNsX90nn:i0+YZr2DR6Xg

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks