Overview

overview

10

Static

static

3

JaffaCakes...28.dll

windows7-x64

10

JaffaCakes...28.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_979cd2c035dbce6d66b94e537870a428

  • Size

    828KB

  • Sample

    250105-kcy2jaylgs

  • MD5

    979cd2c035dbce6d66b94e537870a428

  • SHA1

    e58fc8c4ecf4a730ca1f761ec4fcd55c40961b60

  • SHA256

    e269355445b70397f7c8607c12c5010fa25010717851dce4318e120d43aa60e7

  • SHA512

    b10644228a0805909c0343f45ed26066a75c9cc7e19554cd3d31381a2b36ef6369c87d436ae53af5eccb55a9b434ca238fda584952bd229ee6d80328a55f4d2f

  • SSDEEP

    12288:qdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:MMIJxSDX3bqjhcfHk7MzH6z

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      JaffaCakes118_979cd2c035dbce6d66b94e537870a428

    • Size

      828KB

    • MD5

      979cd2c035dbce6d66b94e537870a428

    • SHA1

      e58fc8c4ecf4a730ca1f761ec4fcd55c40961b60

    • SHA256

      e269355445b70397f7c8607c12c5010fa25010717851dce4318e120d43aa60e7

    • SHA512

      b10644228a0805909c0343f45ed26066a75c9cc7e19554cd3d31381a2b36ef6369c87d436ae53af5eccb55a9b434ca238fda584952bd229ee6d80328a55f4d2f

    • SSDEEP

      12288:qdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:MMIJxSDX3bqjhcfHk7MzH6z

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks