General

  • Target

    30c380426505d0cc6741782bb917671b_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240330-b8gbxsfb76

  • MD5

    30c380426505d0cc6741782bb917671b

  • SHA1

    e3584ded8526f2d2559e3bb5bbc6cb1e307c5f3c

  • SHA256

    97b3e4014ca0d298804be4f599b0601b934f88940137f74c91828c984de30969

  • SHA512

    80b75e3fcb55a5d6f0437a80214107c3e40e5aaeba60a194acd836143ae726b396ce3cec0b787cb43a63861aa2dd91e006a43ee86628808ae43d3ad40c5d434f

  • SSDEEP

    24576:VehqOUx1kdlsk5OPOND4mXHD4tTrSbg86YXFsfS4XVMKG:VQYIEUDVpqYXz4qT

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      30c380426505d0cc6741782bb917671b_JaffaCakes118

    • Size

      1.4MB

    • MD5

      30c380426505d0cc6741782bb917671b

    • SHA1

      e3584ded8526f2d2559e3bb5bbc6cb1e307c5f3c

    • SHA256

      97b3e4014ca0d298804be4f599b0601b934f88940137f74c91828c984de30969

    • SHA512

      80b75e3fcb55a5d6f0437a80214107c3e40e5aaeba60a194acd836143ae726b396ce3cec0b787cb43a63861aa2dd91e006a43ee86628808ae43d3ad40c5d434f

    • SSDEEP

      24576:VehqOUx1kdlsk5OPOND4mXHD4tTrSbg86YXFsfS4XVMKG:VQYIEUDVpqYXz4qT

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks