General
Target: 4ee129a17d4714d96f9a56e5f5aeb49f_JaffaCakes118
Size: 785KB
Sample: 240716-slvpgaycqr
MD5: 4ee129a17d4714d96f9a56e5f5aeb49f
SHA1: 49d6323987c01c2b887101ff493b510229e17428
SHA256: 120c3c37af1672c02ce61d7a64795e9cf44146a6e753e5d889c3bfa360d6cd2d
SHA512: f0c845e941b7af77db60447c4e04a0a693e5327f58baff19fa9da2fcc28eecf18743c000d36eca32ba82bdf6dbd620e6517c064023fcb11fe48f9a88e8f9be79
SSDEEP: 12288:kbqkjZS1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKTy81MOU7qOkQR1:kbqkjZSqxYjxoArwQobmMKpiOUFkK1
Static task: static1
Behavioral task: behavioral1
Sample: 4ee129a17d4714d96f9a56e5f5aeb49f_JaffaCakes118.dll
Resource: win7-20240705-en
Malware Config
Extracted
dridex
10444
209.20.87.138:443
198.1.115.153:8172
151.236.29.248:6516
Targets
Target: 4ee129a17d4714d96f9a56e5f5aeb49f_JaffaCakes118
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.