General
Target: 24499a2accccfce4f2fa27621c832167_JaffaCakes118
Size: 785KB
Sample: 240704-cnw3ba1dmh
MD5: 24499a2accccfce4f2fa27621c832167
SHA1: 85e91e7ff19d5438e84422b367acbc32a6ffad4b
SHA256: 6f7620033e5a6b1283b801c2c97d2bd5dcacb72a2b1ba709b6a763394c6a6aca
SHA512: 9d0564d490c9b74d39c11620719315ed51589bfe48e366a8ea9c63d5eb6dc3f5320649f6a636bb7beb27a1fdd527ded5a39eeebb54ae28f816dbf74b3a03e0ad
SSDEEP: 12288:wbqkjZe1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKTa81MOU7qOkQR1:wbqkjZeqxYjxoArwQobmMKxiOUFkK1
Static task: static1
Behavioral task: behavioral1
Sample: 24499a2accccfce4f2fa27621c832167_JaffaCakes118.dll
Resource: win7-20240611-en
Malware Config
Extracted
dridex
10444
209.20.87.138:443
198.1.115.153:8172
151.236.29.248:6516
Targets
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-