General

  • Target

    4f2a2098a3f8ce01df8d3deac6acb19f_JaffaCakes118

  • Size

    920KB

  • Sample

    240716-t3lnkatglc

  • MD5

    4f2a2098a3f8ce01df8d3deac6acb19f

  • SHA1

    273296690446da612a4aa574513ccb8abeed8d49

  • SHA256

    f4aaca975059e9bd029b5f7b0e7089eef5422aae9c676ab160467ef3424afd2b

  • SHA512

    d89e4ec64339afde208003802c476440bc0c5b06c5b8f6d323c1605f091ce87a5232c52c7eaf6793deef5841b703bc72b99c88a0be12a86360f6c3b3e9a44cd1

  • SSDEEP

    24576:WVWfnaVoffEQmyO378WTkvEKT9Hgce1BHbo+Cm:4uaq34yDWTkvvT9Hgdbo+C

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

209.20.87.138:443

198.1.115.153:8172

151.236.29.248:6516

rc4.plain

1

3ETNAkkvGIIUWuwxcGp5NodinarBsvL96My1cjpRT0Wxwi

rc4.plain

1

SdXTeFaKInUjedc97Lug8emxuewFwQzbXTVRo5iFDdGEGjCbGTnWc88XoMUh

Targets

    • Target

      4f2a2098a3f8ce01df8d3deac6acb19f_JaffaCakes118

    • Dridex

      Dridex (also known as Bugat or Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled
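
The extracted config above and the "Blocklisted process makes network request" signature are the actionable parts of this report. The following Python is an added example, not part of the Triage report or of the Dridex sample: it parses the config exactly as it is laid out on this page into a structured record, checks that the C2 addresses are globally routable (a private or reserved address would point to a parsing error or a lab artefact), emits one Suricata rule per C2 endpoint, and matches a handful of flow records against the C2 list. The flow records and their "<time> <src>:<sport> -> <dst>:<dport> <proto>" layout are constructed for illustration, the sid range is an arbitrary choice, and treating the numeric line printed before each rc4.plain key as an index rather than key material is an assumption.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Copied from the "Malware Config / Extracted" section of the report above.
CONFIG_TEXT = """
Family
dridex
Botnet
10444
C2
209.20.87.138:443
198.1.115.153:8172
151.236.29.248:6516
rc4.plain
1
3ETNAkkvGIIUWuwxcGp5NodinarBsvL96My1cjpRT0Wxwi
rc4.plain
1
SdXTeFaKInUjedc97Lug8emxuewFwQzbXTVRo5iFDdGEGjCbGTnWc88XoMUh
"""

# Constructed flow records (not from the report): one exact C2 hit, one
# unrelated destination, one exact hit, and one C2 IP on a different port.
SAMPLE_FLOWS = [
    "2024-07-16T14:05:11Z 10.0.0.5:49152 -> 209.20.87.138:443 tcp",
    "2024-07-16T14:05:12Z 10.0.0.5:49153 -> 93.184.216.34:443 tcp",
    "2024-07-16T14:06:40Z 10.0.0.7:49201 -> 151.236.29.248:6516 tcp",
    "2024-07-16T14:07:02Z 10.0.0.9:49300 -> 198.1.115.153:80 tcp",
]

ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
FLOW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)\s+(\w+)$")


@dataclass
class DridexConfig:
    family: str = ""
    botnet: str = ""
    c2: list = field(default_factory=list)        # list of (ip, port)
    rc4_keys: list = field(default_factory=list)


def parse_config(text: str) -> DridexConfig:
    """Parse the flattened label/value layout the report uses for the extracted config."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg = DridexConfig()
    i = 0
    while i < len(lines):
        label = lines[i].lower()
        if label == "family":
            cfg.family, i = lines[i + 1], i + 2
        elif label == "botnet":
            cfg.botnet, i = lines[i + 1], i + 2
        elif label == "c2":
            i += 1
            while i < len(lines) and (m := ENDPOINT_RE.match(lines[i])):
                ip, port = m.group(1), int(m.group(2))
                ipaddress.ip_address(ip)            # rejects malformed octets
                if not 0 < port < 65536:
                    raise ValueError(f"bad port in C2 entry {lines[i]!r}")
                cfg.c2.append((ip, port))
                i += 1
        elif label == "rc4.plain":
            i += 1
            if lines[i].isdigit():                  # assumption: a numeric index line precedes each key
                i += 1
            cfg.rc4_keys.append(lines[i])
            i += 1
        else:
            raise ValueError(f"unexpected label {lines[i]!r}")
    return cfg


def non_global_c2(cfg: DridexConfig) -> list:
    """C2 entries in private/reserved space; anything here should not go on a blocklist."""
    return [(ip, port) for ip, port in cfg.c2 if not ipaddress.ip_address(ip).is_global]


def suricata_rules(cfg: DridexConfig, sid_base: int = 1000001) -> list:
    """One TCP alert per C2 endpoint. sid_base is an arbitrary choice; pick a free range."""
    rules = []
    for n, (ip, port) in enumerate(cfg.c2):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{cfg.family.capitalize()} botnet {cfg.botnet} C2 {ip}:{port}"; '
            f'flow:to_server; classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        )
    return rules


def match_flows(cfg: DridexConfig, flows: list) -> list:
    """Return (flow, exact_port_match) for each flow whose destination is a C2 IP.

    Matching on IP alone still catches the C2 if the operator rotates the port;
    the flag records whether the port also matched the extracted config."""
    ports_by_ip = {}
    for ip, port in cfg.c2:
        ports_by_ip.setdefault(ip, set()).add(port)
    hits = []
    for flow in flows:
        m = FLOW_RE.match(flow)
        if not m:
            raise ValueError(f"unparseable flow record: {flow!r}")
        dst, dport = m.group(4), int(m.group(5))
        if dst in ports_by_ip:
            hits.append((flow, dport in ports_by_ip[dst]))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(f"{cfg.family} botnet {cfg.botnet}: {len(cfg.c2)} C2s, {len(cfg.rc4_keys)} RC4 keys")
    print("non-global C2s:", non_global_c2(cfg))
    for rule in suricata_rules(cfg):
        print(rule)
    for flow, exact in match_flows(cfg, SAMPLE_FLOWS):
        print(("C2 hit  " if exact else "C2 IP, other port  ") + flow)
```

The IP-only match deliberately reports the last constructed flow (198.1.115.153 on port 80) as a hit with the port flag cleared; when hunting, treat that as a lower-confidence indicator rather than discarding it, since the port in an extracted config is only what this build of the sample was told to use.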

MITRE ATT&CK Enterprise v15
