Overview

overview

10

Static

static

3

35a49d0b8e...18.dll

windows7-x64

10

35a49d0b8e...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    35a49d0b8e5d1748ef8ed60d646e62b0_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241011-thbb4awblk

  • MD5

    35a49d0b8e5d1748ef8ed60d646e62b0

  • SHA1

    4556bb402441ff4ed307b75c4fc54596f78cbd15

  • SHA256

    bad0daeaf20a474f44a060b49aa175aec0145a1a1765881426e1e6781f22b543

  • SHA512

    7bd08faa1a6eb6b5843f78c40d70c4488f1f997c3b099287142c54af0d1d35a57073946ed7700fe832b129599fff895824ba1efea55cde58adeaa668be090b54

  • SSDEEP

    12288:PdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0Ty:VMIJxSDX3bqjhcfHk7MzH6z

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      35a49d0b8e5d1748ef8ed60d646e62b0_JaffaCakes118

    • Size

      1.1MB

    • MD5

      35a49d0b8e5d1748ef8ed60d646e62b0

    • SHA1

      4556bb402441ff4ed307b75c4fc54596f78cbd15

    • SHA256

      bad0daeaf20a474f44a060b49aa175aec0145a1a1765881426e1e6781f22b543

    • SHA512

      7bd08faa1a6eb6b5843f78c40d70c4488f1f997c3b099287142c54af0d1d35a57073946ed7700fe832b129599fff895824ba1efea55cde58adeaa668be090b54

    • SSDEEP

      12288:PdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0Ty:VMIJxSDX3bqjhcfHk7MzH6z

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks