dridex | e5a341348ce8322f94ea8ebd0d899e2a_JaffaCakes118 | Triage

Sharing

General

Target

e5a341348ce8322f94ea8ebd0d899e2a_JaffaCakes118
Size

244KB
MD5

e5a341348ce8322f94ea8ebd0d899e2a
SHA1

3aa246583b5c23cf99cd29eefd85fe89c93ed9d3
SHA256

2dc73ab125bbcfcaa2ad81debaa45da08adcfe021761d04c606812bf3748df68
SHA512

daf64b2114dd09a581c219a1f8dce23b28c67d4c625e65eee58348ee472dc3dab1ff926edc589972f80f96cdec1f7bd50161904b7950c348cf26b230db32158d
SSDEEP

3072:cGH53A7kiOzJfpjPFO5k8Rbp9ieXF7AdJhCScQHltiVAjc77zOaYNk55xqKTi:3sMTUb7AFc7WTWq

Score

10^/10

10444 dridex

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

151.236.219.181:443

142.4.6.57:14043

162.144.127.197:3786

103.40.116.68:5443

rc4.plain

rc4.plain

Signatures

Dridex family
dridex

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5a341348ce8322f94ea8ebd0d899e2a_JaffaCakes118

Files

e5a341348ce8322f94ea8ebd0d899e2a_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

1e514447f004e9505dc193777ba8a65d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
Sleep

Exports

Exports

DllRegisterServer

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ