Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29-08-2024 08:14
General
-
Target
c877524243319a178f38671c3a33eaaf_JaffaCakes118.vbs
-
Size
795KB
-
MD5
c877524243319a178f38671c3a33eaaf
-
SHA1
f5da68a8d5ef7b3fab82e19a8b4c1118c9a109bd
-
SHA256
9e65f5319d3c64a0db0a6c39b4d7be40f98f607c3fb3e5c50d7acc337d2ed4bc
-
SHA512
1f84f9ce971883ac44c41fbfd8bc6e5dd8c987dde594844c0b46613fcc4b74583fefb2d5ff09d7510993bd3502830dc8d9b34ad33a6677fa6a2200cabdb0ee1c
-
SSDEEP
24576:YmKQH76xpqoeAehhxyWgePLlN4dLQwClvxya8Hc6vP3v3EfvPWFkv6j:xexpqcehhxyXwLl+9
Malware Config
Extracted
dridex
89.32.150.160:3389
152.46.8.148:884
69.55.238.203:3389
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Loader 2 IoCs
Detects Dridex both x86 and x64 loader in memory.
-
Executes dropped EXE 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\c877524243319a178f38671c3a33eaaf_JaffaCakes118.vbs"1⤵
-
C:\Users\Admin\AppData\Local\Temp\KqdQZMj.exeC:\Users\Admin\AppData\Local\Temp\KqdQZMj.exe1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
260KB
MD5215b7fea557c856169847d694b94beab
SHA1a35185736906211688949cf29acc05722bd2a31a
SHA256cf97f6cc84108eb1c788902abf54f91d1c6398bbaa6df198121031740fb74c8b
SHA5120a7622bc93feb184bf458cef4613f0cddd8d43c7dd415a5599332d42dd9313b14910bf7e08c7f8a1a0e0180dcbfe34bb55a7fd90b773a94f997d47269dbb697c
-
Filesize
264KB
-
Filesize
2.0MB
-
Filesize
264KB