dridex | 13a0c05dd4f7e469240ea0d791589e829f8648b1bc7fde8a376187beced129f5

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 14:24 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe
Size

1.1MB
MD5

ea30222df47596649901a0e6c4f0f8c2
SHA1

69fd28af4a424fb023cd5eb9369788a66207d347
SHA256

13a0c05dd4f7e469240ea0d791589e829f8648b1bc7fde8a376187beced129f5
SHA512

3adcf4eabf6d4bcb6cdf0bec3409a12c34ff8977340a630ee210659e02d262eb4b7529ce0493da2fcc13e43985883252c7814e80b66dc4067fcd1f98354f1a44
SSDEEP

12288:lM+ZdkmHubeaCo6TRg522A/sUQBJ8Wvp:lMcpTo6a00BOa

Score

10^/10

dridex 10111 botnet discovery evasion trojan

Malware Config

Extracted

Family

dridex

Botnet

10111

176.9.89.122:10172

147.91.31.1:6225

103.30.247.115:7443

rc4.plain

1
55cf5F85ZxYDpGqSBlYEsYNgstGXj5Yiul5T2wM6GSoq

rc4.plain

1
i3CRs4XPeBtw8y5Iix5xGYgjxB0wOQ3umaTe1z1PAA4adeevs2BFAtt0s3Y7yu

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
PID:2200

Network

No results found

176.9.89.122:10172

ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe

152 B
120 B
3
3
176.9.89.122:10172

ea30222df47596649901a0e6c4f0f8c2_JaffaCakes118.exe

152 B
120 B
3
3

No results found

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2200-0-0x0000000000220000-0x000000000025C000-memory.dmp

Filesize
240KB

Download
memory/2200-1-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2200-2-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download