General
-
Target
fddd5965364792568919cdf03a75f6e0_JaffaCakes118
-
Size
604KB
-
Sample
240420-24xq8acd23
-
MD5
fddd5965364792568919cdf03a75f6e0
-
SHA1
682337c26641044580584720f3cc82cb8deae2c4
-
SHA256
ccc3dbe6e59089f3f31ceca66125cf024ae13c583275474e50af07788eafd89d
-
SHA512
774c892db5c0794c985918e1e4e46ea6da779aeea5ad9858120b9e49355938781c84806ba45d76dbd05f3c2e24099c7ccc52e7537459ba17d6d17dad11a6e13e
-
SSDEEP
12288:kuIBuwwMtjp4CqwqyaXPLAfx38TW9DiWUT2tq017JGoLbVW/:72b4wqyaDA5sTWiXT2tq07G2s/
Malware Config
Extracted
dridex
10444
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Targets
-
-
Target
fddd5965364792568919cdf03a75f6e0_JaffaCakes118
-
Size
604KB
-
MD5
fddd5965364792568919cdf03a75f6e0
-
SHA1
682337c26641044580584720f3cc82cb8deae2c4
-
SHA256
ccc3dbe6e59089f3f31ceca66125cf024ae13c583275474e50af07788eafd89d
-
SHA512
774c892db5c0794c985918e1e4e46ea6da779aeea5ad9858120b9e49355938781c84806ba45d76dbd05f3c2e24099c7ccc52e7537459ba17d6d17dad11a6e13e
-
SSDEEP
12288:kuIBuwwMtjp4CqwqyaXPLAfx38TW9DiWUT2tq017JGoLbVW/:72b4wqyaDA5sTWiXT2tq07G2s/
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-