Overview

overview

10

Static

static

3

65a62742a7...18.dll

windows7-x64

10

65a62742a7...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    65a62742a787e492b028d52bdb05e703_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241021-f57f6a1ckf

  • MD5

    65a62742a787e492b028d52bdb05e703

  • SHA1

    f2b8cf85e293861d8cb1cd943909c96e528781e6

  • SHA256

    60bd90f888794eb99bba351ecab0e7c63e74bc5a05ffa87404e0f60912fbf384

  • SHA512

    e3bc49d29f577273ca331cd1f4325de3edda00bef6fe0a999534b7ddda3d548a683bdb2a4f5e8a5ab4ceb13520a7183d5b03f04bf775206896d7d74bceb5504c

  • SSDEEP

    12288:ydMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0Tkr:EMIJxSDX3bqjhcfHk7MzH6zQr

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      65a62742a787e492b028d52bdb05e703_JaffaCakes118

    • Size

      1.1MB

    • MD5

      65a62742a787e492b028d52bdb05e703

    • SHA1

      f2b8cf85e293861d8cb1cd943909c96e528781e6

    • SHA256

      60bd90f888794eb99bba351ecab0e7c63e74bc5a05ffa87404e0f60912fbf384

    • SHA512

      e3bc49d29f577273ca331cd1f4325de3edda00bef6fe0a999534b7ddda3d548a683bdb2a4f5e8a5ab4ceb13520a7183d5b03f04bf775206896d7d74bceb5504c

    • SSDEEP

      12288:ydMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0Tkr:EMIJxSDX3bqjhcfHk7MzH6zQr

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks