General

  • Target

    JaffaCakes118_5cc50a817384e0e3292b04124a809f3096c5ccc1baf956795e7e651978e44095

  • Size

    170KB

  • Sample

    241230-3exwcswpfz

  • MD5

    43e1fe75777c5a7ee130667adbd31e64

  • SHA1

    e169e835ddbeafde4b1e579e647fab14bf2796d4

  • SHA256

    5cc50a817384e0e3292b04124a809f3096c5ccc1baf956795e7e651978e44095

  • SHA512

    524c9444a71fe6aee8633a7eb905d07e88be403254d762ec420b06bf20da5db7ebc3de3841464e0f9eac5880f98c3097eee346738934eab9d90770840e3da6e9

  • SSDEEP

    3072:pqWLBTrGNr0gl+CI3bc4ThMXu6GkqFmLqmjcRVmkHkKFhG2wwUJ5/lB:PVqNd+CIQHXu9VFmu0qU2CJ5

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

128.199.200.38:443

192.163.233.216:6601

43.229.206.244:4125

rc4.plain
rc4.plain
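The extracted config above is mainly useful as a set of indicators, so here is an added example (not part of the tria.ge report) that turns the botnet ID and C2 endpoints into IOCs, validates them, and sweeps a connection log for both exact host:port matches and weaker host-only matches (Dridex C2 hosts are commonly reused on other ports). The log format is assumed to be Zeek conn.log-style tab-separated fields (ts, uid, orig_h, orig_p, resp_h, resp_p, proto) and the log lines are constructed for illustration; only the hashes, botnet ID and C2 list come from the report.

```python
"""Sweep a connection log for the Dridex C2 endpoints listed in the report.

Added example, not part of the tria.ge report. The conn.log lines below are
constructed; the sample hash, botnet ID and C2 endpoints are from the report.
"""
import ipaddress
from dataclasses import dataclass

# Values taken from the report above.
SAMPLE_SHA256 = "5cc50a817384e0e3292b04124a809f3096c5ccc1baf956795e7e651978e44095"
BOTNET_ID = "40112"
C2_ENDPOINTS = [
    "128.199.200.38:443",
    "192.163.233.216:6601",
    "43.229.206.244:4125",
]

# Constructed (assumed) Zeek conn.log-style lines:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONSTRUCTED_CONN_LOG = """\
1735600001.123\tCabc1\t10.0.0.15\t51234\t128.199.200.38\t443\ttcp
1735600002.456\tCabc2\t10.0.0.15\t51235\t93.184.216.34\t443\ttcp
1735600003.789\tCabc3\t10.0.0.22\t51236\t192.163.233.216\t6601\ttcp
1735600004.000\tCabc4\t10.0.0.22\t51237\t43.229.206.244\t80\ttcp
"""


@dataclass(frozen=True)
class Hit:
    uid: str
    src: str
    dst: str
    dport: int
    # "exact": host and port match a C2 entry; "host-only": host matches on a different port
    confidence: str


def parse_endpoint(entry: str) -> tuple[str, int]:
    """Split an 'ip:port' config entry and validate it before it becomes an IOC."""
    host, _, port = entry.rpartition(":")
    addr = ipaddress.ip_address(host)  # raises ValueError on a malformed address
    if addr.is_private or addr.is_loopback:
        # A sandbox-extracted config can contain decoys or sinkholes; never block RFC1918 space.
        raise ValueError(f"refusing non-routable C2 host {host}")
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"bad port in {entry}")
    return str(addr), port_num


def build_iocs(entries=C2_ENDPOINTS) -> tuple[set[tuple[str, int]], set[str]]:
    """Return (exact host:port pairs, bare hosts) for matching at two confidence levels."""
    exact, hosts = set(), set()
    for entry in entries:
        host, port = parse_endpoint(entry)
        exact.add((host, port))
        hosts.add(host)
    return exact, hosts


def sweep(log_text: str, entries=C2_ENDPOINTS) -> list[Hit]:
    """Match each connection against the C2 IOCs, in log order."""
    exact, hosts = build_iocs(entries)
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed or truncated record
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        dport = int(resp_p)
        if (resp_h, dport) in exact:
            hits.append(Hit(uid, orig_h, resp_h, dport, "exact"))
        elif resp_h in hosts:
            hits.append(Hit(uid, orig_h, resp_h, dport, "host-only"))
    return hits


if __name__ == "__main__":
    for hit in sweep(CONSTRUCTED_CONN_LOG):
        print(f"{hit.confidence:9s} {hit.src} -> {hit.dst}:{hit.dport} (uid {hit.uid}, botnet {BOTNET_ID})")
```

Host-only hits are reported separately rather than dropped because the port list in an extracted config reflects one build at one point in time; treat them as leads to confirm, not as blocking-grade indicators.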

Targets

    • Dridex

      Dridex (also known as Bugat or Cridex) is a banking trojan that specializes in stealing online banking credentials.

    • Dridex family

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

MITRE ATT&CK Enterprise v15

Tasks