General

  • Target

    a289f26f09690ec48b1970204f8757c8_JaffaCakes118

  • Size

    620KB

  • Sample

    240403-wc68page82

  • MD5

    a289f26f09690ec48b1970204f8757c8

  • SHA1

    a006f6707ac1208d3d93e12e866dadabc6e2ef92

  • SHA256

    e19ffa56150021f69ad88bf6c2650f66b6bf4350f3163275abbf98ca94acd157

  • SHA512

    df91d21f64ca6e6548985a61307403e18ce1ce4f63d51d07288f663424d079fc9b5ee87ca2ee7597a93866b090651ebccb8d55585c9ff2f548cd4d79ad9fe378

  • SSDEEP

    12288:GE6rSiy4Gbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1pO/zFZx:8eoz3j0dMZnCutz4zI5xDwXUXm

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      a289f26f09690ec48b1970204f8757c8_JaffaCakes118

    • Size

      620KB

    • MD5

      a289f26f09690ec48b1970204f8757c8

    • SHA1

      a006f6707ac1208d3d93e12e866dadabc6e2ef92

    • SHA256

      e19ffa56150021f69ad88bf6c2650f66b6bf4350f3163275abbf98ca94acd157

    • SHA512

      df91d21f64ca6e6548985a61307403e18ce1ce4f63d51d07288f663424d079fc9b5ee87ca2ee7597a93866b090651ebccb8d55585c9ff2f548cd4d79ad9fe378

    • SSDEEP

      12288:GE6rSiy4Gbs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1pO/zFZx:8eoz3j0dMZnCutz4zI5xDwXUXm

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks