General

  • Target

    JaffaCakes118_02e7431726e3fda48175cd037eced9a8

  • Size

    2.1MB

  • Sample

    250513-ekslts1ls8

  • MD5

    02e7431726e3fda48175cd037eced9a8

  • SHA1

    794d19f5a5ce0eac7d8b9088ca5b24b80e656127

  • SHA256

    366dbc0eb1fbaecddd96c34c74f4ee9fbfade60a296154a194134592a35ae235

  • SHA512

    7003564808e19283585acc82c1ca30701c41507e66373ae60487c7f62fbad72d7a95eda5ead975435008f747be303d825d9ccd6aeaa77fb40972ebf72619fe08

  • SSDEEP

    12288:mVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:7fP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v16

Tasks