General
-
Target
fb4d330648556b4e4b6ae9daf2b7506e_JaffaCakes118
-
Size
583KB
-
Sample
240928-clg6da1fpr
-
MD5
fb4d330648556b4e4b6ae9daf2b7506e
-
SHA1
cfbfd595ad958311a05de74a0aa5193d5f9f412a
-
SHA256
f6836f62ad98faecbcf1f897397058756a70a4ebf55723c70de32e36a36980ad
-
SHA512
be42b41b73c4f1e1f378e69ff2cde8996530f7dc315cc604c91322d8902d71de639075654a802bc508445316b5fd004113765efd2dab8f35cf3fbd79de12ef71
-
SSDEEP
12288:ar2Dwth2wFbErmalz4V2DqnJAfdre2AhPByUl1rNbgFQbmMZkINi:e2DwthZWlAJAfdrqPBrJgFikd
Static task
static1
Behavioral task
behavioral1
Sample
fb4d330648556b4e4b6ae9daf2b7506e_JaffaCakes118.dll
Resource
win7-20240729-en
Malware Config
Extracted
dridex
10555
67.79.105.174:3786
51.83.96.87:443
192.175.111.212:14043
45.79.226.106:3098
Targets
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-