General

  • Target

    2ff600654e8bc24df8ca6ae128b918c1_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240510-tnwj8ahd68

  • MD5

    2ff600654e8bc24df8ca6ae128b918c1

  • SHA1

    8a77bb477ae20d0376cabf30661e79d01b0b9262

  • SHA256

    0f03f9d5f8d994375513f8839941e3784843030583098a0b7baace0ef9c896a8

  • SHA512

    5f92fbd30bf99d66b3571d0c66b3e65e678aaa04bc239630b7ba7da452544fa790df4f96d2e9e41928bc48bf23ca193668fc0ad813ddce6217cfb2bddb3555d8

  • SSDEEP

    24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU

Malware Config

Targets

    • Target

      2ff600654e8bc24df8ca6ae128b918c1_JaffaCakes118

    • Size

      1.2MB

    • MD5

      2ff600654e8bc24df8ca6ae128b918c1

    • SHA1

      8a77bb477ae20d0376cabf30661e79d01b0b9262

    • SHA256

      0f03f9d5f8d994375513f8839941e3784843030583098a0b7baace0ef9c896a8

    • SHA512

      5f92fbd30bf99d66b3571d0c66b3e65e678aaa04bc239630b7ba7da452544fa790df4f96d2e9e41928bc48bf23ca193668fc0ad813ddce6217cfb2bddb3555d8

    • SSDEEP

      24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

3
T1112

Discovery

System Information Discovery

3
T1082

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

Tasks