General

  • Target

    JaffaCakes118_27161434e84e258ee09d7b472052965c

  • Size

    1.1MB

  • Sample

    241231-tk5nqaxrdy

  • MD5

    27161434e84e258ee09d7b472052965c

  • SHA1

    8d3c14960b77a4796d7e1c44b48c4e06dfda645b

  • SHA256

    c567bcfe50a6894d43a4b85b302b6f76dc6376d64eb60270e92617a20c5a789c

  • SHA512

    53b593cf1065ce170a5b077ee5646398c74c57801785baed5fe2afe604abd3d870eee5d56cbdb7762f57a642da95c00833ce1fd1f4bb13fb97e56b48ac8c9b87

  • SSDEEP

    12288:2dMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:wMIJxSDX3bqjhcfHk7MzH6z
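Before acting on this report (blocking the hash in an EDR, matching a quarantined file against it, or de-duplicating it against another sandbox run), verify that the file in hand actually produces the digests listed above. The following script is an added example, not part of the report or of any sandbox tool: it streams a file through MD5, SHA1, SHA256 and SHA512 in one pass, compares the result against the report's values, and flags a record in which only some algorithms agree (a sign of a mixed-up IOC record rather than a genuine match). The `ssdeep` value is only parsed into its `blocksize:chunk:doublechunk` shape; scoring similarity needs an ssdeep implementation, which is assumed not to be installed here.

```python
import hashlib
from pathlib import Path

# Indicators copied from the report above; the sample itself is not embedded here.
REPORT_IOCS = {
    "md5": "27161434e84e258ee09d7b472052965c",
    "sha1": "8d3c14960b77a4796d7e1c44b48c4e06dfda645b",
    "sha256": "c567bcfe50a6894d43a4b85b302b6f76dc6376d64eb60270e92617a20c5a789c",
    "sha512": "53b593cf1065ce170a5b077ee5646398c74c57801785baed5fe2afe604abd3d8"
              "70eee5d56cbdb7762f57a642da95c00833ce1fd1f4bb13fb97e56b48ac8c9b87",
}
REPORT_SSDEEP = "12288:2dMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:wMIJxSDX3bqjhcfHk7MzH6z"

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict[str, str]:
    """All four digests of an in-memory blob, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digests_of_file(path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Feed every hasher from one read loop so a large sample is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(observed: dict[str, str], expected: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm result; case-insensitive because feeds disagree on hex casing."""
    return {name: observed.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def verdict(observed: dict[str, str], expected: dict[str, str]) -> str:
    results = compare(observed, expected)
    if all(results.values()):
        return "match"
    if any(results.values()):
        # Some algorithms agree and others do not: the IOC record mixes two files
        # (a copy/paste error) or the input was truncated. Do not trust it either way.
        return "inconsistent"
    return "no-match"


def parse_ssdeep(signature: str) -> tuple[int, str, str]:
    """Split a CTPH signature into (block size, chunk hash, double-block-size chunk hash).
    The hash alphabet is base64, so ':' only ever appears as the separator."""
    block_size, chunk, double_chunk = signature.split(":", 2)
    return int(block_size), chunk, double_chunk


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        observed = digests_of_file(Path(arg))
        print(arg, verdict(observed, REPORT_IOCS))
        for name, ok in compare(observed, REPORT_IOCS).items():
            print(f"  {name:6} {'ok' if ok else 'MISMATCH'} {observed[name]}")
```

Run it as `python verify_iocs.py <file>`; a file that reports `match` is byte-identical to the sample analysed here, while `no-match` on a file that was supposed to be this sample usually means a repacked or partially downloaded copy.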

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat or Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex family

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Dridex payload

      Detects Dridex x64 core DLL in memory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
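The last two behaviours above are the ones a responder can check on a suspect host without the sample: a Run value is what survives a reboot, and the UAC policy values are what the sample reads before deciding how to elevate. The script below is an added example written for this page, not code from the report or from any sandbox vendor. It reads the `Run`/`RunOnce` keys and the `Policies\System` UAC values on Windows, and on any other platform runs the same logic over constructed entries (the `OneDrive` and `Updater` values are made up for the demo, not observations from this sample). The flagging heuristics (a command under a user-writable directory, or one that goes through `rundll32`/`regsvr32`/script hosts) are general triage rules, not Dridex-specific signatures.

```python
import re
import sys

RUN_KEY_PATHS = (
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
)
UAC_POLICY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# Directories an unprivileged process can write to; legitimate Run entries rarely live here.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")
# Host binaries commonly used to execute a dropped DLL or script from a Run value.
LAUNCHER_RE = re.compile(r"\b(rundll32|regsvr32|mshta|wscript|cscript|powershell)(\.exe)?\b")


def classify_run_entry(name: str, command: str) -> list[str]:
    """Heuristic flags for one Run value; an empty list means nothing stood out."""
    cmd = command.lower()
    flags = []
    if any(d in cmd for d in USER_WRITABLE_DIRS):
        flags.append("user-writable-path")
    if LAUNCHER_RE.search(cmd):
        flags.append("launcher-binary")
    return flags


def interpret_uac(policy: dict[str, int]) -> dict:
    """Explain the UAC values a sample inspects before picking an elevation path.
    Missing values take the Windows defaults (EnableLUA=1, ConsentPromptBehaviorAdmin=5,
    PromptOnSecureDesktop=1)."""
    enable_lua = policy.get("EnableLUA", 1)
    consent = policy.get("ConsentPromptBehaviorAdmin", 5)
    secure = policy.get("PromptOnSecureDesktop", 1)
    findings = []
    if enable_lua == 0:
        findings.append("UAC disabled: admin logons get a full token and no prompt is ever shown")
    else:
        if consent == 0:
            findings.append("admins elevate without any prompt (ConsentPromptBehaviorAdmin=0)")
        if secure == 0:
            findings.append("prompts are not on the secure desktop, so they can be overlaid or automated")
    return {"uac_enabled": enable_lua != 0, "findings": findings}


def read_run_entries() -> list[tuple[str, str, str]]:
    """Live registry read of (location, value name, command); Windows only."""
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for hive, path in RUN_KEY_PATHS:
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                index = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values
                        break
                    entries.append((f"{hive}\\{path}", name, str(value)))
                    index += 1
        except OSError:
            pass  # key absent on this host
    return entries


def read_uac_policy() -> dict[str, int]:
    import winreg
    policy = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_POLICY_PATH) as key:
        for value_name in ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"):
            try:
                policy[value_name], _ = winreg.QueryValueEx(key, value_name)
            except OSError:
                pass  # value not set, default applies
    return policy


def triage(entries, policy) -> dict:
    flagged = [(loc, name, cmd, classify_run_entry(name, cmd)) for loc, name, cmd in entries]
    return {"suspicious_run_entries": [f for f in flagged if f[3]], "uac": interpret_uac(policy)}


# Constructed demo data (not from the report): one benign value, one shaped like a dropped DLL.
SAMPLE_ENTRIES = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"rundll32.exe C:\Users\victim\AppData\Roaming\Updater\upd.dll,Start"),
]
SAMPLE_POLICY = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 1}

if __name__ == "__main__":
    live = sys.platform == "win32"
    report = triage(read_run_entries(), read_uac_policy()) if live else triage(SAMPLE_ENTRIES, SAMPLE_POLICY)
    for loc, name, cmd, flags in report["suspicious_run_entries"]:
        print(f"{loc}\\{name}: {cmd}  [{', '.join(flags)}]")
    print("UAC enabled:", report["uac"]["uac_enabled"], "|", "; ".join(report["uac"]["findings"]) or "defaults")
```

On a 64-bit host a 32-bit sample may also write under `HKLM\Software\WOW6432Node\...\Run`; add that path to `RUN_KEY_PATHS` if the host has a 32-bit registry view worth checking. A flagged entry is a lead, not a verdict: confirm it by hashing the referenced file with the IOC check earlier on this page.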

MITRE ATT&CK Enterprise v15

Tasks