General

  • Target

    JaffaCakes118_3371f32a77abf07309907cd77d7b37b47a0b793ce77c51184255717e9e82f87b

  • Size

    188KB

  • Sample

    241224-dx5w9a1lhq

  • MD5

    e42e7189d4ea33f67d2debbc2f712ac7

  • SHA1

    d4fb0840a8d16bddf5bc3d56cdec36e43fe7c9cd

  • SHA256

    3371f32a77abf07309907cd77d7b37b47a0b793ce77c51184255717e9e82f87b

  • SHA512

    84231fe3b12e1c0630c097f744dc46708a1476e2b5e180ea30b2c3d0057c296f7baa00d060958269426677ba0f811782484641d94e41c635be0cbd28911de6f8

  • SSDEEP

    3072:BteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzB9qM:Nq7fYIHBZkTB6DWruUCOwjt

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

103.87.173.60:443

45.32.243.209:8116

207.180.208.54:4664

rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_3371f32a77abf07309907cd77d7b37b47a0b793ce77c51184255717e9e82f87b

    • Size

      188KB

    • MD5

      e42e7189d4ea33f67d2debbc2f712ac7

    • SHA1

      d4fb0840a8d16bddf5bc3d56cdec36e43fe7c9cd

    • SHA256

      3371f32a77abf07309907cd77d7b37b47a0b793ce77c51184255717e9e82f87b

    • SHA512

      84231fe3b12e1c0630c097f744dc46708a1476e2b5e180ea30b2c3d0057c296f7baa00d060958269426677ba0f811782484641d94e41c635be0cbd28911de6f8

    • SSDEEP

      3072:BteMq7hp/YIzA6BZvlWnTDN2GL9L8NLXWruiuUCzTOwwc0cIzB9qM:Nq7fYIHBZkTB6DWruUCOwjt

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

MITRE ATT&CK Enterprise v15

Tasks