General
-
Target
a6f5f2b9fc72e1abeffb740af8e31451_JaffaCakes118
-
Size
1.0MB
-
Sample
240818-rg86mazelm
-
MD5
a6f5f2b9fc72e1abeffb740af8e31451
-
SHA1
f0553bc14c11246e7bdc09e73ca76aaf7ef174f7
-
SHA256
810e2664f6bee2c5ddb2bfaf4c0969e4aaeb4d02e53321507b9d30bd448cf568
-
SHA512
5b481a85533a64d30d8558eab01b885c2e82e5a7a27d9a967107c323ea0f7ce8b84396a81f99bdb0612c1e6cfa8c8d245d6e083c34aca7ffc549b21843740679
-
SSDEEP
24576:d0umPtwAiyvA/7bGIkFXNr9ypZQf3E/DzLhukd5TkWCfyZgugu:O3Pvo/3G9XNr2A38XhDTkpfyZgugu
Malware Config
Extracted
dridex
10444
209.20.87.138:443
198.1.115.153:8172
151.236.29.248:6516
Targets
-
-
Target
a6f5f2b9fc72e1abeffb740af8e31451_JaffaCakes118
-
Size
1.0MB
-
MD5
a6f5f2b9fc72e1abeffb740af8e31451
-
SHA1
f0553bc14c11246e7bdc09e73ca76aaf7ef174f7
-
SHA256
810e2664f6bee2c5ddb2bfaf4c0969e4aaeb4d02e53321507b9d30bd448cf568
-
SHA512
5b481a85533a64d30d8558eab01b885c2e82e5a7a27d9a967107c323ea0f7ce8b84396a81f99bdb0612c1e6cfa8c8d245d6e083c34aca7ffc549b21843740679
-
SSDEEP
24576:d0umPtwAiyvA/7bGIkFXNr9ypZQf3E/DzLhukd5TkWCfyZgugu:O3Pvo/3G9XNr2A38XhDTkpfyZgugu
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-