Overview

overview

10

Static

static

3

JaffaCakes...05.dll

windows7-x64

10

JaffaCakes...05.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_a279fa8e67fa59ca3795fd040e771f092614afa7a3ad092b3ec276e07bd4b805

  • Size

    161KB

  • Sample

    241224-bfzmssxnaj

  • MD5

    7bc61ea0f9aa7efb63751d1d275eb24a

  • SHA1

    50a0dfce9c6054bfdc048f78daded4e88d779535

  • SHA256

    a279fa8e67fa59ca3795fd040e771f092614afa7a3ad092b3ec276e07bd4b805

  • SHA512

    679ca95ec7894c470c8a3137f20b105192beea623c77f9c844a67a5f93d9302786350c9562539c31897e800f32257c8e966110ee00e391596f7c9c9ef462c436

  • SSDEEP

    3072:bC63mpMBf4M8+pwhukvhU7fWaX/77/DZgTmbg+MGaFplA33VBrU8Cx3:Wa/jkvhSlP/7bg8aFnA3bra

Score
10/10
dridex22201botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

193.200.130.181:443

95.138.161.226:2303

167.114.113.13:4125
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_a279fa8e67fa59ca3795fd040e771f092614afa7a3ad092b3ec276e07bd4b805

    • Size

      161KB

    • MD5

      7bc61ea0f9aa7efb63751d1d275eb24a

    • SHA1

      50a0dfce9c6054bfdc048f78daded4e88d779535

    • SHA256

      a279fa8e67fa59ca3795fd040e771f092614afa7a3ad092b3ec276e07bd4b805

    • SHA512

      679ca95ec7894c470c8a3137f20b105192beea623c77f9c844a67a5f93d9302786350c9562539c31897e800f32257c8e966110ee00e391596f7c9c9ef462c436

    • SSDEEP

      3072:bC63mpMBf4M8+pwhukvhU7fWaX/77/DZgTmbg+MGaFplA33VBrU8Cx3:Wa/jkvhSlP/7bg8aFnA3bra

    Score
    10/10
    dridex22201botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks