General

  • Target

    JaffaCakes118_67a077c77b612b31db0bae0639e1fb2e2e2c973cef4529d3684a4e3bbc380d4e

  • Size

    170KB

  • Sample

    241230-2hblvsvldv

  • MD5

    a21d4e2eca83bcba4d44f2b03fb6322b

  • SHA1

    041358ca89ecb734448ba7fc19473c355633633d

  • SHA256

    67a077c77b612b31db0bae0639e1fb2e2e2c973cef4529d3684a4e3bbc380d4e

  • SHA512

    3dc80635195543f90d532ad6362ba6b11753aaa8ef3c6023fd809f1ffebf61177152564a3db9946563804c22f1cad359914538d74bb48b25dc6e15df046af657

  • SSDEEP

    3072:lV/jTmL3X6TLhgZBxbvRS1ebSi75S5NNZ4n+whXVM9MWdo8erj:lV/jTe38LiI4Oi75izyn+4lm

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

210.65.244.187:443

162.241.41.92:2303

46.231.204.10:8172

185.183.159.100:4125

rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_67a077c77b612b31db0bae0639e1fb2e2e2c973cef4529d3684a4e3bbc380d4e

    • Size

      170KB

    • MD5

      a21d4e2eca83bcba4d44f2b03fb6322b

    • SHA1

      041358ca89ecb734448ba7fc19473c355633633d

    • SHA256

      67a077c77b612b31db0bae0639e1fb2e2e2c973cef4529d3684a4e3bbc380d4e

    • SHA512

      3dc80635195543f90d532ad6362ba6b11753aaa8ef3c6023fd809f1ffebf61177152564a3db9946563804c22f1cad359914538d74bb48b25dc6e15df046af657

    • SSDEEP

      3072:lV/jTmL3X6TLhgZBxbvRS1ebSi75S5NNZ4n+whXVM9MWdo8erj:lV/jTe38LiI4Oi75izyn+4lm

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

MITRE ATT&CK Enterprise v15

Tasks