General
-
Target
8b2f1a3d2d9f2b3256e6bdbf36fda1f3_JaffaCakes118
-
Size
608KB
-
Sample
240402-ng3gasgf82
-
MD5
8b2f1a3d2d9f2b3256e6bdbf36fda1f3
-
SHA1
2109687e5a2d731bee313a1ed0a9ece804c21677
-
SHA256
c561d7fdf613a16095cb5e321671b551a602dfe72a91d655d227d63e9de9c5a2
-
SHA512
93099f7c41b4cb0503d1c007c3d24166231f7f58c71bf9ee13b0a4c2495c6fd4cfb363133987e1f12c90cae9df530991b7d46340eae334ed1d55f97a14cf134b
-
SSDEEP
12288:ZZGQdqOGo/JqydLqQSeCqsVK8kPRGO35N9mV7zXc6:ZZ0WWjeCVVK8kP9N9oP
Malware Config
Extracted
dridex
10444
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Targets
-
-
Target
8b2f1a3d2d9f2b3256e6bdbf36fda1f3_JaffaCakes118
-
Size
608KB
-
MD5
8b2f1a3d2d9f2b3256e6bdbf36fda1f3
-
SHA1
2109687e5a2d731bee313a1ed0a9ece804c21677
-
SHA256
c561d7fdf613a16095cb5e321671b551a602dfe72a91d655d227d63e9de9c5a2
-
SHA512
93099f7c41b4cb0503d1c007c3d24166231f7f58c71bf9ee13b0a4c2495c6fd4cfb363133987e1f12c90cae9df530991b7d46340eae334ed1d55f97a14cf134b
-
SSDEEP
12288:ZZGQdqOGo/JqydLqQSeCqsVK8kPRGO35N9mV7zXc6:ZZ0WWjeCVVK8kP9N9oP
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-