Overview

overview

10

Static

static

3

JaffaCakes...0b.dll

windows7-x64

10

JaffaCakes...0b.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_ee256ac6660e9eecbb5a069d9840124b64a858990de745c0492076ff40f8a50b

  • Size

    161KB

  • Sample

    241223-2sre3atrer

  • MD5

    a753aca4b1b5004bb2ce24e562b5179a

  • SHA1

    fe9fbf440c70693c78dea35b813afe7ad50b8583

  • SHA256

    ee256ac6660e9eecbb5a069d9840124b64a858990de745c0492076ff40f8a50b

  • SHA512

    955137091099a4fc7016668fa3caecfbcfe9279189384327bf5880cc310cfc59a4e79a98c9277dd7b9242e9f443262ef5ba7a3424960792339df52b926db6e47

  • SSDEEP

    3072:vd63mpMBf4M8+pwhukvhU7fWaX/77/DZgTmbg+MGaFplA33VBrUnCx3:Fa/jkvhSlP/7bg8aFnA3brd

Score
10/10
dridex22201botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

193.200.130.181:443

95.138.161.226:2303

167.114.113.13:4125
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_ee256ac6660e9eecbb5a069d9840124b64a858990de745c0492076ff40f8a50b

    • Size

      161KB

    • MD5

      a753aca4b1b5004bb2ce24e562b5179a

    • SHA1

      fe9fbf440c70693c78dea35b813afe7ad50b8583

    • SHA256

      ee256ac6660e9eecbb5a069d9840124b64a858990de745c0492076ff40f8a50b

    • SHA512

      955137091099a4fc7016668fa3caecfbcfe9279189384327bf5880cc310cfc59a4e79a98c9277dd7b9242e9f443262ef5ba7a3424960792339df52b926db6e47

    • SSDEEP

      3072:vd63mpMBf4M8+pwhukvhU7fWaX/77/DZgTmbg+MGaFplA33VBrUnCx3:Fa/jkvhSlP/7bg8aFnA3brd

    Score
    10/10
    dridex22201botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks