Overview

overview

10

Static

static

3

JaffaCakes...b5.dll

windows7-x64

10

JaffaCakes...b5.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_18c7f048398041da1ecc15df86a26369d1a1e5e393ff60af6486bc6390db0db5

  • Size

    177KB

  • Sample

    241223-wrnpwswrgq

  • MD5

    0d6b82ce3a75d4727c6f79cc7b4965cc

  • SHA1

    e1cc87cdde447398bef502cca899a31d35e13911

  • SHA256

    18c7f048398041da1ecc15df86a26369d1a1e5e393ff60af6486bc6390db0db5

  • SHA512

    29a1da90a9aa57e7b9b1d3b375d1e3e8dc05e8eecfe98c81cde8364914938b42b36d2181c9c1e75c0cad9ee0cdd2b7f02476f2568825d9d81ec6f154358e9612

  • SSDEEP

    3072:nuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:jzWxkOP4p2EesvcDi6DOHPJ

Score
10/10
dridex22201botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_18c7f048398041da1ecc15df86a26369d1a1e5e393ff60af6486bc6390db0db5

    • Size

      177KB

    • MD5

      0d6b82ce3a75d4727c6f79cc7b4965cc

    • SHA1

      e1cc87cdde447398bef502cca899a31d35e13911

    • SHA256

      18c7f048398041da1ecc15df86a26369d1a1e5e393ff60af6486bc6390db0db5

    • SHA512

      29a1da90a9aa57e7b9b1d3b375d1e3e8dc05e8eecfe98c81cde8364914938b42b36d2181c9c1e75c0cad9ee0cdd2b7f02476f2568825d9d81ec6f154358e9612

    • SSDEEP

      3072:nuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:jzWxkOP4p2EesvcDi6DOHPJ

    Score
    10/10
    dridex22201botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks