General

  • Target

    5cb98dc4e31e1e09b9ecf06a5fbc75f2_JaffaCakes118

  • Size

    785KB

  • Sample

    240719-txrbvstbqb

  • MD5

    5cb98dc4e31e1e09b9ecf06a5fbc75f2

  • SHA1

    4f8d8d02dbfbd65b7c24d46c0439ee245941470a

  • SHA256

    4e8b50459a8033a3e81008fe1e01df1997193d59f1012125325ee127281f387d

  • SHA512

    3a97dbed4172bdc59f505dc79fb67cf394eb2701c7ea2dc8778ebb97426f4bfb89031fc0667b3fe964f7b18e4561ce6e7aba840a412f654c24257bf7f9e30c6a

  • SSDEEP

    12288:vbqkjZw1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKTO81MOU7qOkQR1:vbqkjZwqxYjxoArwQobmMKFiOUFkK1

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

209.20.87.138:443

198.1.115.153:8172

151.236.29.248:6516

rc4.plain

Targets

    • Target

      5cb98dc4e31e1e09b9ecf06a5fbc75f2_JaffaCakes118

    • Size

      785KB

    • MD5

      5cb98dc4e31e1e09b9ecf06a5fbc75f2

    • SHA1

      4f8d8d02dbfbd65b7c24d46c0439ee245941470a

    • SHA256

      4e8b50459a8033a3e81008fe1e01df1997193d59f1012125325ee127281f387d

    • SHA512

      3a97dbed4172bdc59f505dc79fb67cf394eb2701c7ea2dc8778ebb97426f4bfb89031fc0667b3fe964f7b18e4561ce6e7aba840a412f654c24257bf7f9e30c6a

    • SSDEEP

      12288:vbqkjZw1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKTO81MOU7qOkQR1:vbqkjZwqxYjxoArwQobmMKFiOUFkK1

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks