General

  • Target

    fdb4c2455d1331b2dfabc9289a812295_JaffaCakes118

  • Size

    785KB

  • Sample

    240929-dycl4a1brd

  • MD5

    fdb4c2455d1331b2dfabc9289a812295

  • SHA1

    9ef8137c6ee3f3e557db5f7273e3182ee01c7b1b

  • SHA256

    27b893ce0883e5a82db4ffb3833e9c0e153c50e53dcc38a96f4a3e3e73f9c4c5

  • SHA512

    af80fe24fcd13f97e9f198aabd26288108cb093d7950003ef5ec27ac61d57e29c36879a4722f47e9edffb1c762999af7381cd6a0f9edd08cfeb015ba7f90be1a

  • SSDEEP

    12288:EbqkjZG1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKT+81MOU7qOkQR1:EbqkjZGqxYjxoArwQobmMKViOUFkK1

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

209.20.87.138:443

198.1.115.153:8172

151.236.29.248:6516

rc4.plain

Targets

    • Dridex

      Dridex (known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks