
General

  • Target

    JaffaCakes118_5cde12b2d44ccc617e7fa06077cde0838516afa3d71c112515845f49435fca5c

  • Size

    162KB

  • Sample

    241230-3ezd7awpgs

  • MD5

    802211d96fbc0929a49d9e3dadf08461

  • SHA1

    ad51724096e55635ae0c6bbc2b828ebfee977472

  • SHA256

    5cde12b2d44ccc617e7fa06077cde0838516afa3d71c112515845f49435fca5c

  • SHA512

    de06d68548c603ee0cd9f35ce7b5a6edb2d370dfab1d4257ab4c87febabfeeaf1e16ae4da40f0b33199c29fbd7a84b3c358a06db84e04dc9024fb3cf4ed80951

  • SSDEEP

    3072:RmNFcsGvTmf9vOmoM0IZ5kPjBxYvdIL2KyOQaOP8+cMTH1PxsMYQnF1b1l:gLc7UtOpM1Z5k1xYO2LXjTH1pH5nF1p

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

107.172.227.10:443

172.93.133.123:2303

108.168.61.147:8172

rc4.plain 1

AhGDjKatq8OVBsCNBxsJHbQSf84QZXMd170Lw0kGCrK

rc4.plain 1

ZZ9zhvNgYZKh5HVVVEDNPVdpdSY2d6pJ4ZBqsvPVEDjyOFNIkXQwmhTyNKiurfq

Targets

    • Target

      JaffaCakes118_5cde12b2d44ccc617e7fa06077cde0838516afa3d71c112515845f49435fca5c

    • Size

      162KB

    • MD5

      802211d96fbc0929a49d9e3dadf08461

    • SHA1

      ad51724096e55635ae0c6bbc2b828ebfee977472

    • SHA256

      5cde12b2d44ccc617e7fa06077cde0838516afa3d71c112515845f49435fca5c

    • SHA512

      de06d68548c603ee0cd9f35ce7b5a6edb2d370dfab1d4257ab4c87febabfeeaf1e16ae4da40f0b33199c29fbd7a84b3c358a06db84e04dc9024fb3cf4ed80951

    • SSDEEP

      3072:RmNFcsGvTmf9vOmoM0IZ5kPjBxYvdIL2KyOQaOP8+cMTH1PxsMYQnF1b1l:gLc7UtOpM1Z5k1xYO2LXjTH1pH5nF1p

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Loader

      Detects the Dridex loader, both x86 and x64 builds, in memory.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks
