General
Target: JaffaCakes118_a946fdd57831a6edfbc23186d599e9e6
Size: 608KB
Sample: 250105-rejg7awmdz
MD5: a946fdd57831a6edfbc23186d599e9e6
SHA1: b68db0d73e0e5d04ea276c09d27fa3bfa8fdb990
SHA256: 409c2d9aa53c4ed61ccf1830b0f5852e527142aaf0db3c84a22463b8015dbe47
SHA512: ec193ffff728cd33551e9237da9481c0fcce538f6daf963c6c9b617122920b98c37887a9d82bf7e37a978ed15561cf11196f6542700a078a2144fd9597b431c4
SSDEEP: 12288:5ZGQdqOGyiJqydLqQSeCqsVK8kPRGO35N9mVazXc6F:5Z0BWjeCVVK8kP9N9ouv
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_a946fdd57831a6edfbc23186d599e9e6.dll
Resource: win7-20240903-en
Malware Config
Extracted
dridex
10444
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Targets
-
-
Target
JaffaCakes118_a946fdd57831a6edfbc23186d599e9e6
- Dridex family
- Blocklisted process makes network request
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.