Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5ef643c06d606faf37ca3b390ce33640_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240720-em5zyaygnh

  • MD5

    5ef643c06d606faf37ca3b390ce33640

  • SHA1

    5be3ececaadf0c150d9b82c78f86757e8041e14d

  • SHA256

    d9a0123b23593accbbcdb0fcec0e521b3da8a69a7cc59dfaf847173e8128d708

  • SHA512

    ce11bdd9d50e5a32d182e9a117b37dca85e1b05ac2c3d995e3ede12c738e1dfc64ce10907836ce5bcd65e5d1b02effbadfbbd667b0c3b3f0b62aebe62eea40cf

  • SSDEEP

    24576:ItumPtwAiyvA/7bGIkFXNr9ypZQf3E/DzLhukd5TkWCftZgugu:y3Pvo/3G9XNr2A38XhDTkpftZgugu

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

209.20.87.138:443

198.1.115.153:8172

151.236.29.248:6516

rc4.plain
rc4.plain

Targets

    • Target

      5ef643c06d606faf37ca3b390ce33640_JaffaCakes118

    • Size

      1.0MB

    • MD5

      5ef643c06d606faf37ca3b390ce33640

    • SHA1

      5be3ececaadf0c150d9b82c78f86757e8041e14d

    • SHA256

      d9a0123b23593accbbcdb0fcec0e521b3da8a69a7cc59dfaf847173e8128d708

    • SHA512

      ce11bdd9d50e5a32d182e9a117b37dca85e1b05ac2c3d995e3ede12c738e1dfc64ce10907836ce5bcd65e5d1b02effbadfbbd667b0c3b3f0b62aebe62eea40cf

    • SSDEEP

      24576:ItumPtwAiyvA/7bGIkFXNr9ypZQf3E/DzLhukd5TkWCftZgugu:y3Pvo/3G9XNr2A38XhDTkpftZgugu

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks