General
-
Target
93bb6e22daed74acd13a9bdc6bcf2f4f_JaffaCakes118
-
Size
643KB
-
Sample
240813-s72d5sxblr
-
MD5
93bb6e22daed74acd13a9bdc6bcf2f4f
-
SHA1
c07c8a0ad5a7255967bd843f81160b59ddeba8ce
-
SHA256
b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c
-
SHA512
74023766471aabca0fe7e2c810ceb4a2018fac4de4e9e6d4234b88bfea0334112f2ce2a36b097e243389c9ec18e9c5e4b03ac22de5edd151d345bbd137929eb4
-
SSDEEP
12288:vJuCiXptOpGJ95MRYqsiSgOmO7dal70e1iZGZTBgq4PP:vkCm2pE5MRps5h+03GT4
Malware Config
Extracted
dridex
10444
67.79.105.174:3786
51.83.96.87:443
192.175.111.212:14043
45.79.226.106:3098
Targets
-
-
Target
93bb6e22daed74acd13a9bdc6bcf2f4f_JaffaCakes118
-
Size
643KB
-
MD5
93bb6e22daed74acd13a9bdc6bcf2f4f
-
SHA1
c07c8a0ad5a7255967bd843f81160b59ddeba8ce
-
SHA256
b354b40413ec755a51a63ab930860d9078d9ad157f1f18b0d0c441d73bf6691c
-
SHA512
74023766471aabca0fe7e2c810ceb4a2018fac4de4e9e6d4234b88bfea0334112f2ce2a36b097e243389c9ec18e9c5e4b03ac22de5edd151d345bbd137929eb4
-
SSDEEP
12288:vJuCiXptOpGJ95MRYqsiSgOmO7dal70e1iZGZTBgq4PP:vkCm2pE5MRps5h+03GT4
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-