General
-
Target
JaffaCakes118_a1a3b946075a3489c8818faed0aca96c
-
Size
608KB
-
Sample
250108-qlexxa1mgy
-
MD5
a1a3b946075a3489c8818faed0aca96c
-
SHA1
157f31f3d59feeef8bb831020b64080d4b6d7caf
-
SHA256
7e42753224dbf7454c640f36626f0b8fd00bfb7c9d805d6b1631b0f5ea60d9c3
-
SHA512
be938eb5a0856abafea1c69fa7be71533bcaae6a65c45cd5196ca7b7404275e54a20bd7f6f3bbc296c44fab7836affb58193f132d1d4ff843a460e3293072a87
-
SSDEEP
12288:xZGQdqOGQ8JqydLqQSeCqsVK8kPRGO35N9mVEzXc6:xZ0ZWjeCVVK8kP9N9oI
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_a1a3b946075a3489c8818faed0aca96c.dll
Resource
win7-20240903-en
Malware Config
Extracted
dridex
10444
174.128.245.202:443
51.83.3.52:13786
69.64.50.41:6602
Targets
-
Target
JaffaCakes118_a1a3b946075a3489c8818faed0aca96c
-
Dridex family
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-