General
Target: c98532eda83e7b04cdbaad0f586525a8_JaffaCakes118
Size: 1.0MB
Sample: 240829-yl78fszfln
MD5: c98532eda83e7b04cdbaad0f586525a8
SHA1: def1ecfb83af629015b1e09c8b82250448d4af70
SHA256: 89a2ccce9769778a17ce0457f0a1ed59232dda52706952f1c07e1fd3953ffb99
SHA512: dd707356a610b304b8b9c0ab9a428b6aadd8b9e65ea8e407e40859efc7e643a590fa634edf289e1db2789338703025288afc455ab247e51c48c5fc7f6d2df626
SSDEEP: 24576:T5umPtwAiyvA/7bGIkFXNr9ypZQf3E/DzLhukd5TkWCfAZgugu:F3Pvo/3G9XNr2A38XhDTkpfAZgugu
Static task: static1
Behavioral task: behavioral1
Sample: c98532eda83e7b04cdbaad0f586525a8_JaffaCakes118.dll
Resource: win7-20240708-en
Malware Config
Extracted
dridex
10444
209.20.87.138:443
198.1.115.153:8172
151.236.29.248:6516
Targets
Target: c98532eda83e7b04cdbaad0f586525a8_JaffaCakes118
Blocklisted process makes network request

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.