Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    JaffaCakes118_ba94d8e852db743850f1f5e6fceb732eeeecfeb0a902bf7834c26da8bfce27dd

  • Size

    184KB

  • Sample

    241230-2nkrqaslel

  • MD5

    cb0ce3e6ad5debcff362d32217b6622a

  • SHA1

    54aea55c9841312f253ab3cb8bc60d13f0e4f63d

  • SHA256

    ba94d8e852db743850f1f5e6fceb732eeeecfeb0a902bf7834c26da8bfce27dd

  • SHA512

    fcdfda6c4532b4223375941ea3f1b0ca7dc490f7115dc241b6ad93ab295516d075964d80b9defb95643ea19448b66c884c6cbdec1976d5fef49dd5af50e0c7c9

  • SSDEEP

    3072:oJQ6H3ykY88YOSs+k1TwEuTcMIznNuOzlr1Xznku9Luk0eJww8Jya//2uFrSc:lfYOX+wTScR/Xzku9LVw1uG

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

80.241.218.90:443

103.161.172.109:13786

87.98.128.76:5723

rc4.plain
1
XH2KyJtcJ7RSk5n0Ak2zUIsoefdhHZlKRYf
rc4.plain
1
cYEsjNtMnqhfNdGdtxJHObrdyxC7I2RsYqPuLirrwkWgKf0csGFj3Ow4lgY2bwEnd8mTqve

Targets

    • Target

      JaffaCakes118_ba94d8e852db743850f1f5e6fceb732eeeecfeb0a902bf7834c26da8bfce27dd

    • Size

      184KB

    • MD5

      cb0ce3e6ad5debcff362d32217b6622a

    • SHA1

      54aea55c9841312f253ab3cb8bc60d13f0e4f63d

    • SHA256

      ba94d8e852db743850f1f5e6fceb732eeeecfeb0a902bf7834c26da8bfce27dd

    • SHA512

      fcdfda6c4532b4223375941ea3f1b0ca7dc490f7115dc241b6ad93ab295516d075964d80b9defb95643ea19448b66c884c6cbdec1976d5fef49dd5af50e0c7c9

    • SSDEEP

      3072:oJQ6H3ykY88YOSs+k1TwEuTcMIznNuOzlr1Xznku9Luk0eJww8Jya//2uFrSc:lfYOX+wTScR/Xzku9LVw1uG

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.