General

  • Target

    JaffaCakes118_466919f9a9db8c7716843bff4271a9dfe28ed1a586164a9407345e0a1e2d8d76

  • Size

    204KB

  • Sample

    241230-ggddvazncx

  • MD5

    ff27a622cd527ed7c852657f17c3b8f1

  • SHA1

    228bd18b436ffe91987e71d23ab5a0109e9da875

  • SHA256

    466919f9a9db8c7716843bff4271a9dfe28ed1a586164a9407345e0a1e2d8d76

  • SHA512

    5ec86316e41148573ea2f95475b54ca5b876542e277a118aed36e9d75f04014a86bab57154268bb417fb652fc2d9c999d6625a5fc097413e15725fe2fc8b30ba

  • SSDEEP

    3072:W6FOf6h8i6pdDPvaaeEGObTS/HaoGoK9kN+Jcr9bhrFKL3fJpwZ:WZuX6pEaeEDheWa+Jc9bhorfTw

Malware Config

Extracted

Family

dridex

Botnet

40111

C2

45.58.56.12:443

162.241.54.59:6601

51.91.76.89:2303

rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_466919f9a9db8c7716843bff4271a9dfe28ed1a586164a9407345e0a1e2d8d76

    • Size

      204KB

    • MD5

      ff27a622cd527ed7c852657f17c3b8f1

    • SHA1

      228bd18b436ffe91987e71d23ab5a0109e9da875

    • SHA256

      466919f9a9db8c7716843bff4271a9dfe28ed1a586164a9407345e0a1e2d8d76

    • SHA512

      5ec86316e41148573ea2f95475b54ca5b876542e277a118aed36e9d75f04014a86bab57154268bb417fb652fc2d9c999d6625a5fc097413e15725fe2fc8b30ba

    • SSDEEP

      3072:W6FOf6h8i6pdDPvaaeEGObTS/HaoGoK9kN+Jcr9bhrFKL3fJpwZ:WZuX6pEaeEDheWa+Jc9bhorfTw

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks