Overview

overview

10

Static

static

1

JaffaCakes...28.dll

windows7-x64

10

JaffaCakes...28.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_f68b5edb86690acaddb63a4717d1b1c8807d170efc9a54245b40f23a57d4a328

  • Size

    167KB

  • Sample

    241224-cea4gsyley

  • MD5

    4de4c69f305ccc4c5e96e609d9bbdb22

  • SHA1

    d50bb7562c4853a116e9bb66e26f75e1b6ea2f80

  • SHA256

    f68b5edb86690acaddb63a4717d1b1c8807d170efc9a54245b40f23a57d4a328

  • SHA512

    1f5f4412dd509c4e97f48754b818467ba66efcf03e8d6b9d39f1216702e974f68cef656442ac4aaa44ba9d514e6d0c4fa51a256ccd77a2b11a4a25c7c67f5ab9

  • SSDEEP

    3072:fjG/TPp+AgPbdXnx6ZBfPG6+Xo4Y63F35oJq3Kco08AQazELZn+1qPrx6/idiTj:qERMVPG6+Y63HoG1QawL40Prx6KkTj

Score
10/10
dridex22201botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

131.100.24.202:443

193.160.214.95:4125

67.43.4.76:8172
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_f68b5edb86690acaddb63a4717d1b1c8807d170efc9a54245b40f23a57d4a328

    • Size

      167KB

    • MD5

      4de4c69f305ccc4c5e96e609d9bbdb22

    • SHA1

      d50bb7562c4853a116e9bb66e26f75e1b6ea2f80

    • SHA256

      f68b5edb86690acaddb63a4717d1b1c8807d170efc9a54245b40f23a57d4a328

    • SHA512

      1f5f4412dd509c4e97f48754b818467ba66efcf03e8d6b9d39f1216702e974f68cef656442ac4aaa44ba9d514e6d0c4fa51a256ccd77a2b11a4a25c7c67f5ab9

    • SSDEEP

      3072:fjG/TPp+AgPbdXnx6ZBfPG6+Xo4Y63F35oJq3Kco08AQazELZn+1qPrx6/idiTj:qERMVPG6+Y63HoG1QawL40Prx6KkTj

    Score
    10/10
    dridex22201botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks