Overview

overview

10

Static

static

3

JaffaCakes...ba.dll

windows7-x64

10

JaffaCakes...ba.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_75322c14a10b2b96ce21eda6c19e92ba

  • Size

    1.3MB

  • Sample

    250107-x7hdgsvnhy

  • MD5

    75322c14a10b2b96ce21eda6c19e92ba

  • SHA1

    87a0258a905cb7ce63ccb60070b036d43c2184f4

  • SHA256

    e8ef13ec78a9d82e088ff03b53c6f8c2ff84ba2cbedc1c8b08971f88a68fc44a

  • SHA512

    59a40f743edace4a52514b95b8ce821827a19827a16c0af57704908caebc1d1c0b67a79ff045805b5d5f1040cc75a730d0f19b6a6b14db9d24a2218ba632b3f5

  • SSDEEP

    12288:M9bvAviE6/WFmTsg2t1TxzGIhRR/xSw7aRlVYxrx6:M9bN/Ypgg1TxqkR9xaEx

Score
10/10
dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      JaffaCakes118_75322c14a10b2b96ce21eda6c19e92ba

    • Size

      1.3MB

    • MD5

      75322c14a10b2b96ce21eda6c19e92ba

    • SHA1

      87a0258a905cb7ce63ccb60070b036d43c2184f4

    • SHA256

      e8ef13ec78a9d82e088ff03b53c6f8c2ff84ba2cbedc1c8b08971f88a68fc44a

    • SHA512

      59a40f743edace4a52514b95b8ce821827a19827a16c0af57704908caebc1d1c0b67a79ff045805b5d5f1040cc75a730d0f19b6a6b14db9d24a2218ba632b3f5

    • SSDEEP

      12288:M9bvAviE6/WFmTsg2t1TxzGIhRR/xSw7aRlVYxrx6:M9bN/Ypgg1TxqkR9xaEx

    Score
    10/10
    dridexbotnetevasionpayloadpersistenceprivilege_escalationtrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

      botnetpayload

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

      botnetpayload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks