General
-
Target
c63ec6d98437861b3e380e98257ae0f7_JaffaCakes118
-
Size
620KB
-
Sample
240405-a4gapafh52
-
MD5
c63ec6d98437861b3e380e98257ae0f7
-
SHA1
269240e3b41c81a160c6268891006607cc1d717e
-
SHA256
439ad83ea444cb894f3a641eb322a6dcef5ae9f2962485181ddd5fb3d5249d2f
-
SHA512
17d54e65ed42316f756f7a91446a36563e442c63ecb7ce52f4c67481140a3e2f37a5fc1fcf1f6411c086050d22e3b9a768dacd2bcd60ddb86d8a07e58fb62f75
-
SSDEEP
12288:mE6rSis46bs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1dO/zFZx:ceC33j0dMZnCutz4zI5xDwXUzm
Malware Config
Extracted
dridex
10222
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Targets
-
-
Target
c63ec6d98437861b3e380e98257ae0f7_JaffaCakes118
-
Size
620KB
-
MD5
c63ec6d98437861b3e380e98257ae0f7
-
SHA1
269240e3b41c81a160c6268891006607cc1d717e
-
SHA256
439ad83ea444cb894f3a641eb322a6dcef5ae9f2962485181ddd5fb3d5249d2f
-
SHA512
17d54e65ed42316f756f7a91446a36563e442c63ecb7ce52f4c67481140a3e2f37a5fc1fcf1f6411c086050d22e3b9a768dacd2bcd60ddb86d8a07e58fb62f75
-
SSDEEP
12288:mE6rSis46bs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1dO/zFZx:ceC33j0dMZnCutz4zI5xDwXUzm
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-