Overview

overview

10

Static

static

3

JaffaCakes...b8.dll

windows7-x64

10

JaffaCakes...b8.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_71b890d32e19659909fe71afc56388560f3c7b046a53e88d826502dcb53ac9b8

  • Size

    188KB

  • Sample

    241223-vye6nawkhr

  • MD5

    b1c91022f76c01c1120782025200f77f

  • SHA1

    e62c342445c619f790c9dc07039322e03d82f765

  • SHA256

    71b890d32e19659909fe71afc56388560f3c7b046a53e88d826502dcb53ac9b8

  • SHA512

    49d303cad793770a8116feeb956718d8ec5f2da74ba03ce89454ce5d494040f7e85a7f03f2bddd06557ca7f4882eb6f61eca61d30d39129c2cbd784ec3e90132

  • SSDEEP

    3072:pteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzA9qM:lq7fYIHBZkTB6DWruUCOwjt

Score
10/10
dridex22201botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_71b890d32e19659909fe71afc56388560f3c7b046a53e88d826502dcb53ac9b8

    • Size

      188KB

    • MD5

      b1c91022f76c01c1120782025200f77f

    • SHA1

      e62c342445c619f790c9dc07039322e03d82f765

    • SHA256

      71b890d32e19659909fe71afc56388560f3c7b046a53e88d826502dcb53ac9b8

    • SHA512

      49d303cad793770a8116feeb956718d8ec5f2da74ba03ce89454ce5d494040f7e85a7f03f2bddd06557ca7f4882eb6f61eca61d30d39129c2cbd784ec3e90132

    • SSDEEP

      3072:pteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzA9qM:lq7fYIHBZkTB6DWruUCOwjt

    Score
    10/10
    dridex22201botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks