General

  • Target

    ba9c15b074368f545da5e615c81219ae_JaffaCakes118

  • Size

    168KB

  • Sample

    240823-gnmk4aycpe

  • MD5

    ba9c15b074368f545da5e615c81219ae

  • SHA1

    b079f2a8e4c06118693e52b8e278b2ae7ef5384e

  • SHA256

    332cf63749f3d0d774dd96b408c170846c6cb8ab4c476a91b82cbc379d44d690

  • SHA512

    63b6582db33a6d628517463d03ab077b9c8918e854df935e6312f2165b160c29aba01c98723ccdef4ba0bf13b67b9743104f1f8630febcbf759f8b7ae94df59b

  • SSDEEP

    3072:z+rGFFRCMcyzAAykMPqIaXpZYnvf3gx4wblxLSoIm/H2QKGB2gC:z+rGFFlXAAcqj8nHgfOoIdG

Malware Config

Extracted

Family

dridex

Botnet

111

C2

173.203.78.138:443

217.160.107.189:6601

77.220.64.150:5037

rc4.plain
rc4.plain

Targets

    • Target

      ba9c15b074368f545da5e615c81219ae_JaffaCakes118

    • Size

      168KB

    • MD5

      ba9c15b074368f545da5e615c81219ae

    • SHA1

      b079f2a8e4c06118693e52b8e278b2ae7ef5384e

    • SHA256

      332cf63749f3d0d774dd96b408c170846c6cb8ab4c476a91b82cbc379d44d690

    • SHA512

      63b6582db33a6d628517463d03ab077b9c8918e854df935e6312f2165b160c29aba01c98723ccdef4ba0bf13b67b9743104f1f8630febcbf759f8b7ae94df59b

    • SSDEEP

      3072:z+rGFFRCMcyzAAykMPqIaXpZYnvf3gx4wblxLSoIm/H2QKGB2gC:z+rGFFlXAAcqj8nHgfOoIdG

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks