General

  • Target

    3e3c3c8c63d07d53471c045b4b8436f8_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240513-hnp7nabc2w

  • MD5

    3e3c3c8c63d07d53471c045b4b8436f8

  • SHA1

    91dbeda1577541b699330a9c923888d2409e3e17

  • SHA256

    f929aa41bdd0ed0a0caaa89a180f6f5aec0fda92fcf627e80c7838bb8e86e7d1

  • SHA512

    7bb1fb036e417ab8ec2ce2866974051703606bb16d0227e0970e4b09eecfb4d2dadda06d5b14c22303fa83b14901f019c3b3efff4e39cf5788f6ea76721fea2d

  • SSDEEP

    24576:7yTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:7yWRKTt/QlPVp3h9

Malware Config

Targets

    • Target

      3e3c3c8c63d07d53471c045b4b8436f8_JaffaCakes118

    • Size

      1.2MB

    • MD5

      3e3c3c8c63d07d53471c045b4b8436f8

    • SHA1

      91dbeda1577541b699330a9c923888d2409e3e17

    • SHA256

      f929aa41bdd0ed0a0caaa89a180f6f5aec0fda92fcf627e80c7838bb8e86e7d1

    • SHA512

      7bb1fb036e417ab8ec2ce2866974051703606bb16d0227e0970e4b09eecfb4d2dadda06d5b14c22303fa83b14901f019c3b3efff4e39cf5788f6ea76721fea2d

    • SSDEEP

      24576:7yTonNVlKTt/Q5ECvVP7hpJMvjtKpvPf9+m6kLRqgSyI:7yWRKTt/QlPVp3h9

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Query Registry

1
T1012

Tasks