General
-
Target
bec8a846de1019be9a43b4eb22f78e48_JaffaCakes118
-
Size
608KB
-
Sample
240404-wer7jsea5v
-
MD5
bec8a846de1019be9a43b4eb22f78e48
-
SHA1
eefa4360657e2cc017b0f788c1abb0a45295d5d2
-
SHA256
24749cb17a511bbd5ceda113c762e72a374c89d527b2a9c24bea0bb6f5992e2b
-
SHA512
ea91ddd2b459aa4315fea33a2f0319399e4fd0f26225de5e0fee7ed4c8255b6972f74fb5bb7eb5e910f02953c1200b78b608ecc1ea6ffb91183a50920bb3d67a
-
SSDEEP
12288:1ZGQdqOGS7JqydLqQSeCqsVK8kPRGO35N9mVPzXc6:1Z0YWjeCVVK8kP9N9oL
Malware Config
Extracted
dridex
10444
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Targets
-
-
Target
bec8a846de1019be9a43b4eb22f78e48_JaffaCakes118
-
Size
608KB
-
MD5
bec8a846de1019be9a43b4eb22f78e48
-
SHA1
eefa4360657e2cc017b0f788c1abb0a45295d5d2
-
SHA256
24749cb17a511bbd5ceda113c762e72a374c89d527b2a9c24bea0bb6f5992e2b
-
SHA512
ea91ddd2b459aa4315fea33a2f0319399e4fd0f26225de5e0fee7ed4c8255b6972f74fb5bb7eb5e910f02953c1200b78b608ecc1ea6ffb91183a50920bb3d67a
-
SSDEEP
12288:1ZGQdqOGS7JqydLqQSeCqsVK8kPRGO35N9mVPzXc6:1Z0YWjeCVVK8kP9N9oL
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-