General
-
Target
dd8a6238fbf020c318d4a58692a833d0_JaffaCakes118
-
Size
608KB
-
Sample
240406-g8c76ace81
-
MD5
dd8a6238fbf020c318d4a58692a833d0
-
SHA1
4f8bd2f6783e060d51235179340a53784faca5a4
-
SHA256
ff32882e03c490121358ec7a804f3568b8ffd5a9e02ceedb0f66f7dfb951cbbe
-
SHA512
c53c4a9de92baf109de3f69087fc103f84014a6614f6fe9f0dc90bcb9fd28b77b7536850fc94d95acfe4d3ce2021bdd83c4b3817949fb3ee7598ead257386208
-
SSDEEP
12288:GZGQdqOG0VJqydLqQSeCqsVK8kPRGO35N9mVNzXc6:GZ0wWjeCVVK8kP9N9oR
Malware Config
Extracted
dridex
10444
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Targets
-
-
Target
dd8a6238fbf020c318d4a58692a833d0_JaffaCakes118
-
Size
608KB
-
MD5
dd8a6238fbf020c318d4a58692a833d0
-
SHA1
4f8bd2f6783e060d51235179340a53784faca5a4
-
SHA256
ff32882e03c490121358ec7a804f3568b8ffd5a9e02ceedb0f66f7dfb951cbbe
-
SHA512
c53c4a9de92baf109de3f69087fc103f84014a6614f6fe9f0dc90bcb9fd28b77b7536850fc94d95acfe4d3ce2021bdd83c4b3817949fb3ee7598ead257386208
-
SSDEEP
12288:GZGQdqOG0VJqydLqQSeCqsVK8kPRGO35N9mVNzXc6:GZ0wWjeCVVK8kP9N9oR
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-