General

  • Target

    c63ec6d98437861b3e380e98257ae0f7_JaffaCakes118

  • Size

    620KB

  • Sample

    240405-a4gapafh52

  • MD5

    c63ec6d98437861b3e380e98257ae0f7

  • SHA1

    269240e3b41c81a160c6268891006607cc1d717e

  • SHA256

    439ad83ea444cb894f3a641eb322a6dcef5ae9f2962485181ddd5fb3d5249d2f

  • SHA512

    17d54e65ed42316f756f7a91446a36563e442c63ecb7ce52f4c67481140a3e2f37a5fc1fcf1f6411c086050d22e3b9a768dacd2bcd60ddb86d8a07e58fb62f75

  • SSDEEP

    12288:mE6rSis46bs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1dO/zFZx:ceC33j0dMZnCutz4zI5xDwXUzm

Malware Config

Extracted

Family

dridex

Botnet

10222

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Target

      c63ec6d98437861b3e380e98257ae0f7_JaffaCakes118

    • Size

      620KB

    • MD5

      c63ec6d98437861b3e380e98257ae0f7

    • SHA1

      269240e3b41c81a160c6268891006607cc1d717e

    • SHA256

      439ad83ea444cb894f3a641eb322a6dcef5ae9f2962485181ddd5fb3d5249d2f

    • SHA512

      17d54e65ed42316f756f7a91446a36563e442c63ecb7ce52f4c67481140a3e2f37a5fc1fcf1f6411c086050d22e3b9a768dacd2bcd60ddb86d8a07e58fb62f75

    • SSDEEP

      12288:mE6rSis46bs3j09TMmonCh5atbz9+eoQoUZpDd7Da1nX9y1dO/zFZx:ceC33j0dMZnCutz4zI5xDwXUzm

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks