General

  • Target

    835da1e9b762db7442f48d70b64b222c_JaffaCakes118

  • Size

    620KB

  • Sample

    240402-evq6ragh46

  • MD5

    835da1e9b762db7442f48d70b64b222c

  • SHA1

    acce7ffd3925da39d072d5161a80e55509a6bfdd

  • SHA256

    b2479e00fd3976aec1eafffd4cff73f67e0ac0399a64b1bfcda4e98f24e92f0f

  • SHA512

    2208338c32e59bd29633ccc93bdd84536922ab6ac6fa3c6c8eef958a31f6f3f5ea18d99008fbd9d43caf9def9cf35b2371a4229edb64f9967b56ae8f8d4d14ed

  • SSDEEP

    12288:jE6rSix4Sbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y15O/zFZxg:heTf3j0dMZnCutz4zI5xDwXULmS

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      835da1e9b762db7442f48d70b64b222c_JaffaCakes118

    • Size

      620KB

    • MD5

      835da1e9b762db7442f48d70b64b222c

    • SHA1

      acce7ffd3925da39d072d5161a80e55509a6bfdd

    • SHA256

      b2479e00fd3976aec1eafffd4cff73f67e0ac0399a64b1bfcda4e98f24e92f0f

    • SHA512

      2208338c32e59bd29633ccc93bdd84536922ab6ac6fa3c6c8eef958a31f6f3f5ea18d99008fbd9d43caf9def9cf35b2371a4229edb64f9967b56ae8f8d4d14ed

    • SSDEEP

      12288:jE6rSix4Sbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y15O/zFZxg:heTf3j0dMZnCutz4zI5xDwXULmS

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks