General

  • Target

    a38752089760a995779233ec52ed1de4_JaffaCakes118

  • Size

    664KB

  • Sample

    240403-w9rjhahe66

  • MD5

    a38752089760a995779233ec52ed1de4

  • SHA1

    814ad5b66d77826bb00b603456681d19c0c7a93f

  • SHA256

    c94e1999d62bdbe743f08b2383083a0b70b41c7a136507ea66614aaf1403dddc

  • SHA512

    c490226c8f455d409065b2a2a93f54f08f3397557e1630e0ce7b27057020114ff5c6b6a596d86b4b4db23b49bbad82d64d5d4bd489fd89abb47de02a26567501

  • SSDEEP

    12288:L/0Qzqf0edi483M+6TFKywVt6PbEYU0eyJTT/Mu9oV01uHoaEPc:z0zhdIn6TFKywvCbEOxDMu9oyFaEPc

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain

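The extracted config above gives three C2 endpoints, two of them on non-standard ports. The following Python script is an added example (not part of this report or of any sandbox tooling) showing how to turn that list into a quick connection-log check: it parses the `ip:port` entries, then scans constructed log lines in an assumed `timestamp src -> dst:port` format and rates an exact `ip:port` hit higher than an IP-only hit. The log format and its values are made up for the example.

```python
"""Match the extracted Dridex C2 endpoints against connection-log lines.

Added example, not part of the original report. The log line format and
the sample lines are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
import re

# C2 endpoints exactly as listed in the extracted config (botnet 10222).
C2_LINES = """
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
"""

# Constructed sample log lines in an assumed "ts src -> dst:port ..." format;
# not output from any real sensor.
SAMPLE_LOG = """\
2024-04-03T21:14:02Z 10.0.0.15 -> 174.128.245.202:443 tcp bytes=1482
2024-04-03T21:14:05Z 10.0.0.15 -> 142.250.74.36:443 tcp bytes=5120
2024-04-03T21:14:09Z 10.0.0.15 -> 51.83.3.52:13786 tcp bytes=311
2024-04-03T21:14:12Z 10.0.0.22 -> 69.64.50.41:80 tcp bytes=220
"""


def parse_c2(text: str) -> dict[str, set[int]]:
    """Map each C2 IP to the set of ports listed for it, validating the address."""
    c2: dict[str, set[int]] = {}
    for entry in text.split():
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)  # raises ValueError on a malformed entry
        c2.setdefault(host, set()).add(int(port))
    return c2


_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)"
)


def scan_log(log: str, c2: dict[str, set[int]]) -> list[tuple[str, str, str, int, str]]:
    """Return (ts, src, dst, port, confidence) for every line whose destination is a C2 IP.

    An exact ip:port match is "high" confidence; the IP on a port not in the
    config is "medium", since Dridex C2 ports vary between configs.
    """
    hits: list[tuple[str, str, str, int, str]] = []
    for line in log.splitlines():
        m = _LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        dst, port = m["dst"], int(m["port"])
        if dst not in c2:
            continue
        confidence = "high" if port in c2[dst] else "medium"
        hits.append((m["ts"], m["src"], dst, port, confidence))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, parse_c2(C2_LINES)):
        print(hit)
```

Run as-is it reports the two exact hits (443 and 13786) as high confidence and the 69.64.50.41:80 connection as medium; swap `SAMPLE_LOG` for real log data and adjust `_LOG_RE` to the sensor's format.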
Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall in HKLM and HKCU) to enumerate installed software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

    • Query Registry (T1012): 1 signature

    • System Information Discovery (T1082): 1 signature

Tasks