General

  • Target

    93bb6e22daed74acd13a9bdc6bcf2f4f_JaffaCakes118

  • Size

    643KB

  • Sample

    240813-s72d5sxblr

  • MD5

    93bb6e22daed74acd13a9bdc6bcf2f4f

  • SHA1

    c07c8a0ad5a7255967bd843f81160b59ddeba8ce

  • SHA256

    b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c

  • SHA512

    74023766471aabca0fe7e2c810ceb4a2018fac4de4e9e6d4234b88bfea0334112f2ce2a36b097e243389c9ec18e9c5e4b03ac22de5edd151d345bbd137929eb4

  • SSDEEP

    12288:vJuCiXptOpGJ95MRYqsiSgOmO7dal70e1iZGZTBgq4PP:vkCm2pE5MRps5h+03GT4

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

67.79.105.174:3786

51.83.96.87:443

192.175.111.212:14043

45.79.226.106:3098

rc4.plain
1
r8Vpe8Wo7O4F21sbGvZ4WNOZGKCMcNjFkcvzakiUCRCbfvYdjTzr
rc4.plain
1
YG0Qgdg6rhk1i16QqvOENZGZS65CtVpWzr9Rjj5YqT6cydB2aQSaEy

Targets

    • Target

      93bb6e22daed74acd13a9bdc6bcf2f4f_JaffaCakes118

    • Size

      643KB

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15
