General

  • Target

    JaffaCakes118_028dd53e521e63d133db32beb8128c61

  • Size

    3.0MB

  • Sample

    250512-s9qenaej5y

  • MD5

    028dd53e521e63d133db32beb8128c61

  • SHA1

    836a4f7be0e5514558380c2313d1132dfac1abae

  • SHA256

    c9be0cdfd49df880d40c490862cab28d4f407c2b2074ecf84ef0aeeb73418f2e

  • SHA512

    6e9cecb7994025533322dc9c229151b57383e69210b8e55b511fac37aa909d5a9758d743f12861646121e4d4616a0658e9e95cb2c96f4aeb0a1176ff546274e1

  • SSDEEP

    12288:bVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:6fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v16

Tasks