General

  • Target

    1452f13dc50be7b78017d4984f0b98c2_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240728-mbsjgaveke

  • MD5

    1452f13dc50be7b78017d4984f0b98c2

  • SHA1

    df176b802a4a5c9d9bad302c5116b7688c219859

  • SHA256

    3fd4e602beb3bc04479f55c761c27cb0ef1d8011db499266eb6615d75d53c067

  • SHA512

    af5e290af613a833236deb680d3bff9be6cfc60a71f0581edc7b15351cf385c79d5053366e39597030334dc6a3d7a62f32cc01ace478b9640c4fa4fdc28e5d4b

  • SSDEEP

    24576:yuYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:a9cKrUqZWLAcU
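
The hashes in the General section are the IOCs a practitioner uses to confirm that a file on disk is this sample before spending time on it. The following is an added helper (not part of the report or the sandbox's tooling) that streams a file once through all four algorithms and compares the result against the values above; the `classify` outcome `inconsistent` covers the case where one digest matches and the others do not, which means either a mis-copied report entry or a collision on the weaker algorithm and should never be read as a match. The SSDEEP value is not checked because it needs a third-party library; the size is not checked because the page only gives it rounded.

```python
from __future__ import annotations

import hashlib
from pathlib import Path

# Hashes copied from the General section of the report above.
REPORT_HASHES = {
    "md5": "1452f13dc50be7b78017d4984f0b98c2",
    "sha1": "df176b802a4a5c9d9bad302c5116b7688c219859",
    "sha256": "3fd4e602beb3bc04479f55c761c27cb0ef1d8011db499266eb6615d75d53c067",
    "sha512": "af5e290af613a833236deb680d3bff9be6cfc60a71f0581edc7b15351cf385c79d5053366e39597030334dc6a3d7a62f32cc01ace478b9640c4fa4fdc28e5d4b",
}


def hash_bytes(data: bytes) -> dict[str, str]:
    """Lowercase hex digests of `data` for every algorithm listed in REPORT_HASHES."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for digest in digests.values():
        digest.update(data)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def hash_file(path: str | Path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Same digests for a file, read in one streaming pass so large samples are not loaded whole."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def compare_to_report(observed: dict[str, str], expected: dict[str, str] = REPORT_HASHES) -> dict[str, bool]:
    """Per-algorithm match; both sides are lowercased so uppercase hashes pasted from elsewhere still compare."""
    return {name: observed.get(name, "").lower() == value.lower() for name, value in expected.items()}


def classify(result: dict[str, bool]) -> str:
    """
    Summarise a comparison:
      'match'         every digest agrees with the report
      'no-match'      no digest agrees (a different file)
      'inconsistent'  some agree and some do not; treat as a wrong report entry or a
                      collision on the weaker algorithm and trust only the strongest digest
    """
    matched = sum(result.values())
    if matched == len(result):
        return "match"
    if matched == 0:
        return "no-match"
    return "inconsistent"


if __name__ == "__main__":
    import sys

    observed = hash_file(sys.argv[1])
    result = compare_to_report(observed)
    for name, ok in result.items():
        print(f"{name:6} {'OK ' if ok else 'BAD'} {observed[name]}")
    print(classify(result))
```

Run it as `python verify_sample.py <file>`; anything other than `match` means the file in hand is not the artefact this report describes.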

Malware Config

Targets

    • Target

      1452f13dc50be7b78017d4984f0b98c2_JaffaCakes118

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online-banking credentials.

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
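
The "Adds Run key to start application" signature corresponds to a registry value written under one of the `Run`/`RunOnce` keys, which is the first place to look when hunting for this behaviour on an endpoint. The following is an added example (not from the report and not the sandbox's signature logic) of that detection run over a handful of constructed events in a Sysmon-like shape, where EventID 13 is a registry value set with the full key path in `TargetObject` and the written data in `Details`. The ranking of values whose command points into a user-writable directory (`AppData`, `Temp`, `ProgramData`, `Users\Public`) is a general heuristic for triage and is not a statement about where this particular sample writes its payload.

```python
from __future__ import annotations

import re

# Persistence locations behind the "Adds Run key" signature: per-user (HKU/HKCU) and
# machine-wide (HKLM) Run and RunOnce keys. The value name is the last path component.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?P<key>Run|RunOnce)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Directories a standard user can write to. A Run value pointing here is a stronger
# signal than one pointing into Program Files; heuristic only, not a claim about this sample.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

# Constructed events in a Sysmon-like shape (EventID 13 = registry value set).
# They are made up for this example and are not taken from the report.
SAMPLE_EVENTS = [
    {
        "EventID": 13,
        "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\user\AppData\Roaming\Updater\updater.exe",
    },
    {
        "EventID": 13,
        "Image": r"C:\Program Files\Vendor\installer.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\VendorSetup",
        "Details": r"C:\Program Files\Vendor\finish.exe /silent",
    },
    {
        "EventID": 13,
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
    {
        "EventID": 1,
        "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
        "CommandLine": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
    },
]


def run_key_write(event: dict) -> dict | None:
    """Return a finding if `event` is a registry value set under a Run/RunOnce key, else None."""
    if event.get("EventID") != 13:
        return None
    m = RUN_KEY_RE.search(event.get("TargetObject", ""))
    if not m:
        return None
    command = event.get("Details", "")
    return {
        "writer": event.get("Image", ""),
        "key": m.group("key"),
        "value_name": m.group("value"),
        "command": command,
        "user_writable_path": bool(USER_WRITABLE_RE.search(command)),
    }


def find_run_key_persistence(events: list[dict]) -> list[dict]:
    """Every Run/RunOnce write in `events`, with user-writable targets listed first."""
    findings = [f for f in (run_key_write(e) for e in events) if f]
    return sorted(findings, key=lambda f: not f["user_writable_path"])


if __name__ == "__main__":
    for f in find_run_key_persistence(SAMPLE_EVENTS):
        flag = "SUSPICIOUS" if f["user_writable_path"] else "review"
        print(f"{flag:10} {f['key']}\\{f['value_name']} -> {f['command']}  (set by {f['writer']})")
```

On a real host the same function runs over exported Sysmon or EDR registry events; pair each hit with the writing process so a Run value set by a freshly dropped executable is reviewed before one set by a signed installer.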

MITRE ATT&CK Enterprise v15

Tasks