
General

  • Target

    JaffaCakes118_f30d8d558dffd97d269081bf4b6288451c35e19042a241fd872b4c5e708fbee7

  • Size

    161KB

  • Sample

    241222-ye5traxmck

  • MD5

    834f97919d78b37e3445d447bc52790b

  • SHA1

    a80c748386b292dc4e770b9109a223ea2d1a069e

  • SHA256

    f30d8d558dffd97d269081bf4b6288451c35e19042a241fd872b4c5e708fbee7

  • SHA512

    32745e90da899035a6eb92ec62aaed168178b82b10be691e0ad8d5a5b5ea3392008c12bce784f538d03847f9623c77f713759ab60a0ef6c957fb2f5a9c951aca

  • SSDEEP

    3072:91Suywe6x1ACSZEuNtV+TkqDXkyzbMeJRL3CNa/U9fStrveyk8TZgEd2wGkFY:XnS62Fl+pkeJl3CvRStrFl+EYh

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

78.46.73.125:443

185.148.168.26:2303

66.113.160.126:8172

rc4.plain    1    pK5evvTkrtXl1PdUwzbpkX0O3ZxXgoysjCME

rc4.plain    1    ntqn1EkZmmUoYMQPCPRqlhuLwfUs1imUpn8s4TcDWSSsOcwAchuhvuHdgMGmOB84m4IVTx
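The extracted config above is only useful once it is turned into something an analyst can act on: the three C2 entries become network indicators, and the two rc4.plain values are keys that can be tried against captured blobs. The following is an added example, not part of the Triage report or of any Dridex tooling: it parses the C2 list with validation, renders Suricata-style rules from it, and implements textbook RC4 so the extracted keys can be applied to data. How Dridex frames or layers its RC4 use is not shown on this page, so the RC4 function is checked here only against a standard test vector and a round trip under the first extracted key; the rule SID base and message text are arbitrary choices.

```python
"""Turn a Triage-extracted Dridex config into analyst artifacts.

Added example (not Triage's or Dridex's code). The indicator values are
copied from the report; the rule format, SID base and RC4 helper are mine.
"""
import ipaddress

# Values copied from the report above.
BOTNET = "22202"
C2_RAW = ["78.46.73.125:443", "185.148.168.26:2303", "66.113.160.126:8172"]
RC4_KEYS = [
    b"pK5evvTkrtXl1PdUwzbpkX0O3ZxXgoysjCME",
    b"ntqn1EkZmmUoYMQPCPRqlhuLwfUs1imUpn8s4TcDWSSsOcwAchuhvuHdgMGmOB84m4IVTx",
]


def parse_c2(entries):
    """Parse 'ip:port' strings into (ip_address, port), rejecting malformed input.

    Config extractors sometimes emit partial strings; fail loudly rather than
    ship a bad indicator downstream.
    """
    endpoints = []
    for entry in entries:
        host, sep, port_text = entry.rpartition(":")
        if not sep:
            raise ValueError(f"missing port in C2 entry: {entry!r}")
        ip = ipaddress.ip_address(host)  # raises ValueError on garbage
        port = int(port_text)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in C2 entry: {entry!r}")
        endpoints.append((ip, port))
    return endpoints


def suricata_rules(endpoints, sid_base=9000000):
    """Render one alert rule per C2 endpoint (sid_base is an arbitrary choice).

    Matching on destination address and port works even for the 443 entry,
    where the payload itself is TLS and not inspectable.
    """
    rules = []
    for n, (ip, port) in enumerate(endpoints):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Dridex botnet {BOTNET} C2 contact"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        )
    return rules


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA); encryption and decryption are the same call."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # pseudo-random generation, XORed into the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def try_keys(blob: bytes, keys=RC4_KEYS):
    """Decrypt a captured blob under each extracted key; returns (key, plaintext) pairs.

    Deciding which result is meaningful (e.g. looks like XML or has a plausible
    header) is left to the analyst; nothing on the report says how Dridex frames it.
    """
    return [(key, rc4(key, blob)) for key in keys]


if __name__ == "__main__":
    for rule in suricata_rules(parse_c2(C2_RAW)):
        print(rule)
    # Constructed sample: encrypt under the first key, then recover it.
    constructed = rc4(RC4_KEYS[0], b"constructed sample blob")
    for key, plain in try_keys(constructed):
        print(key[:8], plain)
```

Running the block prints three rules and shows that only the first key recovers the constructed blob; against real captures, replace `constructed` with the raw bytes from the PCAP and inspect each candidate plaintext by hand.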

Targets

    • Target

      JaffaCakes118_f30d8d558dffd97d269081bf4b6288451c35e19042a241fd872b4c5e708fbee7

    • Size

      161KB

    • MD5

      834f97919d78b37e3445d447bc52790b

    • SHA1

      a80c748386b292dc4e770b9109a223ea2d1a069e

    • SHA256

      f30d8d558dffd97d269081bf4b6288451c35e19042a241fd872b4c5e708fbee7

    • SHA512

      32745e90da899035a6eb92ec62aaed168178b82b10be691e0ad8d5a5b5ea3392008c12bce784f538d03847f9623c77f713759ab60a0ef6c957fb2f5a9c951aca

    • SSDEEP

      3072:91Suywe6x1ACSZEuNtV+TkqDXkyzbMeJRL3CNa/U9fStrveyk8TZgEd2wGkFY:XnS62Fl+pkeJl3CvRStrFl+EYh

    • Dridex

      Dridex (also known as Bugat/Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex family

    • Dridex Loader

      Detects the Dridex loader, both the x86 and x64 builds, in memory.

MITRE ATT&CK Enterprise v15

Tasks
