General
-
Target
7b06c3c759dca98845688da6a0feada1_JaffaCakes118
-
Size
785KB
-
Sample
240731-djah7axera
-
MD5
7b06c3c759dca98845688da6a0feada1
-
SHA1
dbb10b7a3bbca728c1e085183a70aa0fa1e72eb7
-
SHA256
e56c7afb6712cd3edda9400e15c8834477a26443575404b22bb92b137289c1b9
-
SHA512
851b3c23e86e2f9925084180bca828c7d9f3f595a3ee683a828d2a8e1726ec6f3f498d1f3be25c231ad7fb6a763d3aff89d6a6e142ea62e9e7df51c3fcc3c4c1
-
SSDEEP
12288:nbqkjZv1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKTW81MOU7qOkQR1:nbqkjZvqxYjxoArwQobmMKNiOUFkK1
Malware Config
Extracted
dridex
10444
209.20.87.138:443
198.1.115.153:8172
151.236.29.248:6516
Targets
-
-
Target
7b06c3c759dca98845688da6a0feada1_JaffaCakes118
-
Size
785KB
-
MD5
7b06c3c759dca98845688da6a0feada1
-
SHA1
dbb10b7a3bbca728c1e085183a70aa0fa1e72eb7
-
SHA256
e56c7afb6712cd3edda9400e15c8834477a26443575404b22bb92b137289c1b9
-
SHA512
851b3c23e86e2f9925084180bca828c7d9f3f595a3ee683a828d2a8e1726ec6f3f498d1f3be25c231ad7fb6a763d3aff89d6a6e142ea62e9e7df51c3fcc3c4c1
-
SSDEEP
12288:nbqkjZv1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKTW81MOU7qOkQR1:nbqkjZvqxYjxoArwQobmMKNiOUFkK1
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-