Overview

overview

10

Static

static

3

49b478cc38...18.dll

windows7-x64

10

49b478cc38...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    49b478cc38b76090a5dcf3bf2bf85860_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241015-yla8qaxhkn

  • MD5

    49b478cc38b76090a5dcf3bf2bf85860

  • SHA1

    17eac34e5fa4b82d401a47c5f5763e918693cac3

  • SHA256

    85a83765c561ea8375b492b286a66a6541427217967cd399d2e4e4230141e4e7

  • SHA512

    6f37c08e374b6b07a7c45a1521b05d2841864cf66d04044c1db9e6c828cdd877adbd6df0602df8db6df86740c28d72a27ed077c916333e2d08cb3129bae57958

  • SSDEEP

    12288:pVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:IfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      49b478cc38b76090a5dcf3bf2bf85860_JaffaCakes118

    • Size

      1.2MB

    • MD5

      49b478cc38b76090a5dcf3bf2bf85860

    • SHA1

      17eac34e5fa4b82d401a47c5f5763e918693cac3

    • SHA256

      85a83765c561ea8375b492b286a66a6541427217967cd399d2e4e4230141e4e7

    • SHA512

      6f37c08e374b6b07a7c45a1521b05d2841864cf66d04044c1db9e6c828cdd877adbd6df0602df8db6df86740c28d72a27ed077c916333e2d08cb3129bae57958

    • SSDEEP

      12288:pVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:IfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks