General

  • Target

    90eaea5654f4d01c08962f961d5893ac_JaffaCakes118

  • Size

    620KB

  • Sample

    240402-thgh4seh2w

  • MD5

    90eaea5654f4d01c08962f961d5893ac

  • SHA1

    dce184b083d8776a3ec54a2dd2ae7ccbddf7f07e

  • SHA256

    dc2670f1082f73b5fae07b86e8c35433ef505ce3de34a7a2039f27533139335a

  • SHA512

    05bc5474f5246b70e604ec616e3969b1de1573693e98c72e240ed72e95825315ba83e27302f19f6e2b460dc925c9e702985ec057e9a9f808fd1c3f9fe3f78ecb

  • SSDEEP

    12288:0E6rSil4Pbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1WO/zFZxm:6e3Q3j0dMZnCutz4zI5xDwXUAms

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 1

Tasks