General

  • Target

    JaffaCakes118_0333a086630efc962ca5df09995b73a0

  • Size

    1.7MB

  • Sample

    250513-szsr2adj7s

  • MD5

    0333a086630efc962ca5df09995b73a0

  • SHA1

    bb9125d7c8c03971c1abe8c63bc4d56132a89b53

  • SHA256

    5e9d6e890d9559bd0de0f871f41462ef3cc38ca7dc9a2c949b3a98301c4b1931

  • SHA512

    92e8b33e7c522e1a91a123297ad7225add0bd0960f844237a43a65b9820eee750426614438b6a0508d23aaab64c8e237f92569f8a888d5f4a770b034d359f317

  • SSDEEP

    12288:SVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:PfP7fWsK5z9A+WGAW+V5SB6Ct4bnb

Malware Config

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Shellcode

      Detects Dridex payload shellcode injected into the Explorer process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v16

Tasks