Overview

overview

10

Static

static

3

JaffaCakes...8b.dll

windows7-x64

10

JaffaCakes...8b.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_84c60e58e7e7db8827335837c2b0143d4f62abe1715c597073cd6631e099158b

  • Size

    184KB

  • Sample

    241223-vfv46avphz

  • MD5

    a86e0a6e760628854b246a3e7278956f

  • SHA1

    602e067c2484f285274c54e7cfbb4e7f6e5dbdf6

  • SHA256

    84c60e58e7e7db8827335837c2b0143d4f62abe1715c597073cd6631e099158b

  • SHA512

    ebd1dae5457e85f65e9d4a9d947dc276e35e7deb8c0a38bd29e844a3b60c3dce0d09fac7ec4f0cea06317a9660dd92524c937aa5ac108294c7cb19ee70dc2b6f

  • SSDEEP

    3072:NiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoClzoxss7:NiLVCIT4WK2z1W+CUHZj4Skq/eaoooC

Score
10/10
dridex22202botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_84c60e58e7e7db8827335837c2b0143d4f62abe1715c597073cd6631e099158b

    • Size

      184KB

    • MD5

      a86e0a6e760628854b246a3e7278956f

    • SHA1

      602e067c2484f285274c54e7cfbb4e7f6e5dbdf6

    • SHA256

      84c60e58e7e7db8827335837c2b0143d4f62abe1715c597073cd6631e099158b

    • SHA512

      ebd1dae5457e85f65e9d4a9d947dc276e35e7deb8c0a38bd29e844a3b60c3dce0d09fac7ec4f0cea06317a9660dd92524c937aa5ac108294c7cb19ee70dc2b6f

    • SSDEEP

      3072:NiLVj+luuUXoPOK2z1WPRgg5YbW+d0Ojk1bSA5q/eaoClzoxss7:NiLVCIT4WK2z1W+CUHZj4Skq/eaoooC

    Score
    10/10
    dridex22202botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks