General
-
Target
c2d135c46be54f5d97472fb8324e0964_JaffaCakes118
-
Size
711KB
-
Sample
240826-mnmtrayfpe
-
MD5
c2d135c46be54f5d97472fb8324e0964
-
SHA1
5ddc207927c28fa1a73abdb597a6a3dd8d9dd001
-
SHA256
ad57a98c5acd3e57347823f9b7febc64c758b64e7a25362e6462838df22e03b9
-
SHA512
7b28f140d726ca03fbd74a6f087494b94dbee15ff6854570abbefce0a86670a27d41141d59ad90a0d763fa62553e81c78331ac50d91b1cbe112212578035a861
-
SSDEEP
12288:0lXKhZVSOww88nuNgEGyKw9lQJm4Drh0XJWhPJjiHYgPa8BvxY:iyLwVROPXwH+Dt0gPJji9P9Y
Static task
static1
Behavioral task
behavioral1
Sample
c2d135c46be54f5d97472fb8324e0964_JaffaCakes118.dll
Resource
win7-20240704-en
Malware Config
Extracted
dridex
10444
77.220.64.132:443
212.227.53.240:5037
192.241.174.45:8172
Targets
-
-
Target
c2d135c46be54f5d97472fb8324e0964_JaffaCakes118
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-