dridex | 0df9a145e0f6468dc66c922f1a626666_JaffaCakes118

General

Target

0df9a145e0f6468dc66c922f1a626666_JaffaCakes118
Size

132KB
MD5

0df9a145e0f6468dc66c922f1a626666
SHA1

87a0e8664296e154b64e918edd6af10f8a5cd64d
SHA256

c673fa43b6abff8a69b868f634a113e86eacdc7209d2193f8ec340e32108e34f
SHA512

af13ff8cfe44c570522cd2313f6ecab90d1862dc4d5199acd5146a9a9e0b49b95a3e0dbfb388fba6cade5db30ae9cfae4209e0392823a2eec7bf3b1f8ba2c8f5
SSDEEP

3072:/QaU1oKUNYxDipNZlZ477uUfa6oRurlMrcopa:/1U1oxNYxDifvqWKV0uqp

Score

10^/10

botnet loader 22202 dridex

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

116.203.55.59:443

213.190.4.223:9217

51.178.61.60:6602

rc4.plain

Signatures

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

botnet loader

resource	yara_rule
sample	dridex_ldr

Dridex family
dridex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0df9a145e0f6468dc66c922f1a626666_JaffaCakes118

Files

0df9a145e0f6468dc66c922f1a626666_JaffaCakes118
.dll windows:6 windows x86 arch:x86

68b66fd5fe2322f1f5fcb9cf4ede12bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
IsBadReadPtr
HeapValidate
GetStringTypeA
GetStartupInfoA
GetLocaleInfoA
LoadLibraryA
GetConsoleOutputCP
FreeEnvironmentStringsA
FlushFileBuffers
DebugBreak
CreateFileA
GetLastError
GetEnvironmentStrings
OutputDebugStringA

user32

MessageBoxW

advapi32

GetUserNameW

Exports

Exports

HidD_FlushQueue
HidD_GetAttributes
HidD_GetFeature
HidD_GetFeature
HidD_GetHidGuid
HidD_Hello
HidP_SetData

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

68b66fd5fe2322f1f5fcb9cf4ede12bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 4KB

.CRT Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB