Overview

overview

10

Static

static

3

JaffaCakes...60.dll

windows7-x64

10

JaffaCakes...60.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_1784eed86f9255db0efbd5ddbf4b2560

  • Size

    1.2MB

  • Sample

    250106-jrncxa1kev

  • MD5

    1784eed86f9255db0efbd5ddbf4b2560

  • SHA1

    21c51a0ba1ef68404534c414c1fd58f2c4f0825b

  • SHA256

    cdde0dfafa869cbf727ef47da712cf20a795006a434065252fa06fd4ab9506a5

  • SHA512

    cd5e93ef7b25c30a08f6c1febab3913b89542fbff0f1f4bca55bd54b0b43a6c63b2fa8f152777dfa8bd3236a3d52150f963abe26c58013c29941c6a29c1d46b4

  • SSDEEP

    12288:8VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1q:JfP7fWsK5z9A+WGAW+V5SB6Ct4bnbq

Score
10/10
dridexbotnetevasionpayloadpersistencetrojan

Malware Config

Targets

    • Target

      JaffaCakes118_1784eed86f9255db0efbd5ddbf4b2560

    • Size

      1.2MB

    • MD5

      1784eed86f9255db0efbd5ddbf4b2560

    • SHA1

      21c51a0ba1ef68404534c414c1fd58f2c4f0825b

    • SHA256

      cdde0dfafa869cbf727ef47da712cf20a795006a434065252fa06fd4ab9506a5

    • SHA512

      cd5e93ef7b25c30a08f6c1febab3913b89542fbff0f1f4bca55bd54b0b43a6c63b2fa8f152777dfa8bd3236a3d52150f963abe26c58013c29941c6a29c1d46b4

    • SSDEEP

      12288:8VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1q:JfP7fWsK5z9A+WGAW+V5SB6Ct4bnbq

    Score
    10/10
    dridexbotnetevasionpayloadpersistencetrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks