General

  • Target

    4d950b19cf1259d8507195d85bee6117_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240516-3mb9maef77

  • MD5

    4d950b19cf1259d8507195d85bee6117

  • SHA1

    a811e17a47a4245169044ebaaa24341e20f1606b

  • SHA256

    588b58453ab4fce0cf03730ab7802b5d8477f21ec26ef8d19ab0d992ac93fff3

  • SHA512

    1b06dd3c0840021c2d155134580465bcaa4dfc69051ce35932a57f3b4ec4d2f8822af9197122c077b2e5d622a867043027c2a7ec6f0789dfb9f7edbad5d40a16

  • SSDEEP

    24576:8uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NFt:09cKrUqZWLAcU

Malware Config

Targets

    • Target

      4d950b19cf1259d8507195d85bee6117_JaffaCakes118

    • Size

      1.4MB

    • MD5

      4d950b19cf1259d8507195d85bee6117

    • SHA1

      a811e17a47a4245169044ebaaa24341e20f1606b

    • SHA256

      588b58453ab4fce0cf03730ab7802b5d8477f21ec26ef8d19ab0d992ac93fff3

    • SHA512

      1b06dd3c0840021c2d155134580465bcaa4dfc69051ce35932a57f3b4ec4d2f8822af9197122c077b2e5d622a867043027c2a7ec6f0789dfb9f7edbad5d40a16

    • SSDEEP

      24576:8uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9NFt:09cKrUqZWLAcU

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Shellcode

      Detects Dridex Payload shellcode injected in Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Query Registry

1
T1012

Tasks