General
-
Target
JaffaCakes118_77c0370c24a1367275339e2821719f93
-
Size
664KB
-
Sample
250104-fkp2dasrex
-
MD5
77c0370c24a1367275339e2821719f93
-
SHA1
c76c7848610bdcfab449d8bc8335a8bec0438749
-
SHA256
1f6f354fbb56aca3901760df6d9b82e3db159cde178e33403783151b4bba6bfb
-
SHA512
2158a15a63b9572076e8fe23489b0fe678b9d489c12af0d61239f2be2f42efbbce45641f502a59a3afa90d802b47ea85c3aca4c3bb5f2e805c7ab79fb46fe4c6
-
SSDEEP
12288:E/0Qzqf0emi48bM+6TFKywVt6PbEYU0eyJTT/Mu9oV01ufoaEPE:C0zhmIn6TFKywvCbEOxDMu9oyBaEPE
Malware Config
Extracted
dridex
10222
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Targets
-
-
Target
JaffaCakes118_77c0370c24a1367275339e2821719f93
-
Size
664KB
-
MD5
77c0370c24a1367275339e2821719f93
-
SHA1
c76c7848610bdcfab449d8bc8335a8bec0438749
-
SHA256
1f6f354fbb56aca3901760df6d9b82e3db159cde178e33403783151b4bba6bfb
-
SHA512
2158a15a63b9572076e8fe23489b0fe678b9d489c12af0d61239f2be2f42efbbce45641f502a59a3afa90d802b47ea85c3aca4c3bb5f2e805c7ab79fb46fe4c6
-
SSDEEP
12288:E/0Qzqf0emi48bM+6TFKywVt6PbEYU0eyJTT/Mu9oV01ufoaEPE:C0zhmIn6TFKywvCbEOxDMu9oyBaEPE
Score10/10-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex family
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-