General
-
Target
yqyc8tnfx.jpg.malware
-
Size
664KB
-
Sample
240506-v2g5eseh79
-
MD5
b6ba95fe24bbe2fedd6cb6373af94252
-
SHA1
cfc69a8ffeb3dde2b108c162e6d8131ae36d3a75
-
SHA256
5c6bebae6f13e804081376a322008f56893eb5fd5147d5e011ecb965c63f05bc
-
SHA512
49914753c5a5b6aef2569337fc06b7840a2f4788631f4c56e46477cd191fb9c7164df0904da2aaba9489ab3ea0190ad7fb0c1760a25b8b68cb3ed6bf2770cbcb
-
SSDEEP
12288:d/0Qzqf0eSi48OM+6TFKywVt6PbEYU0eyJTT/Mu9oV01usoaEP:t0zhSdn6TFKywvCbEOxDMu9oysaEP
Malware Config
Extracted
dridex
10222
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Targets
-
-
Target
yqyc8tnfx.jpg.malware
-
Size
664KB
-
MD5
b6ba95fe24bbe2fedd6cb6373af94252
-
SHA1
cfc69a8ffeb3dde2b108c162e6d8131ae36d3a75
-
SHA256
5c6bebae6f13e804081376a322008f56893eb5fd5147d5e011ecb965c63f05bc
-
SHA512
49914753c5a5b6aef2569337fc06b7840a2f4788631f4c56e46477cd191fb9c7164df0904da2aaba9489ab3ea0190ad7fb0c1760a25b8b68cb3ed6bf2770cbcb
-
SSDEEP
12288:d/0Qzqf0eSi48OM+6TFKywVt6PbEYU0eyJTT/Mu9oV01usoaEP:t0zhSdn6TFKywvCbEOxDMu9oysaEP
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-