Overview

overview

10

Static

static

3

ce416e5df0...18.dll

windows7-x64

10

ce416e5df0...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce416e5df0cff11d5bc7a8c7956b5f80_JaffaCakes118

  • Size

    920KB

  • Sample

    240906-axsp5swfpj

  • MD5

    ce416e5df0cff11d5bc7a8c7956b5f80

  • SHA1

    7d5b6864355c27f79ee535b7d2c9e3b1c7c42147

  • SHA256

    96b51e628389b4044eb4c4d262deadbcfa778db13a7768ab7806b0e1f81d2ebf

  • SHA512

    9cee601e8583a2eff2fc6beecc3d7ecb4f3b3282b7a1d5289729b4b28d40066fbc201479f12e51705b249c3413f69b10751026bf2a76e13fc48c3eaba3488826

  • SSDEEP

    24576:brWfnaVoffEQmyO378WTkvEKT9Hgce1BHbobCm:Huaq34yDWTkvvT9HgdbobC

Score
10/10
dridex10444botnetdiscoveryevasiontrojan

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

209.20.87.138:443

198.1.115.153:8172

151.236.29.248:6516
rc4.plain
rc4.plain

Targets

    • Target

      ce416e5df0cff11d5bc7a8c7956b5f80_JaffaCakes118

    • Size

      920KB

    • MD5

      ce416e5df0cff11d5bc7a8c7956b5f80

    • SHA1

      7d5b6864355c27f79ee535b7d2c9e3b1c7c42147

    • SHA256

      96b51e628389b4044eb4c4d262deadbcfa778db13a7768ab7806b0e1f81d2ebf

    • SHA512

      9cee601e8583a2eff2fc6beecc3d7ecb4f3b3282b7a1d5289729b4b28d40066fbc201479f12e51705b249c3413f69b10751026bf2a76e13fc48c3eaba3488826

    • SSDEEP

      24576:brWfnaVoffEQmyO378WTkvEKT9Hgce1BHbobCm:Huaq34yDWTkvvT9HgdbobC

    Score
    10/10
    dridex10444botnetdiscoveryevasiontrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks