Overview

overview

10

Static

static

3

JaffaCakes...7c.dll

windows7-x64

10

JaffaCakes...7c.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_0bc99fe32cadb6f073648f3fdd4b65b57e7cfe878ba59ec08f8c01554b5e3b7c

  • Size

    170KB

  • Sample

    241230-x2hr3avkhr

  • MD5

    90ca4becb1dedcbb1cb3428721b85550

  • SHA1

    800add90a6c6e380e3930859aa88ce6cfc92ddcb

  • SHA256

    0bc99fe32cadb6f073648f3fdd4b65b57e7cfe878ba59ec08f8c01554b5e3b7c

  • SHA512

    8939ddb13554992fd1a7bdf81923900ee1ffb4af8489dbf9b415571a96b4e2beac195d06e09c941958e24c9221fc817ade4fb55ff4a8d6e2b7fb2b03034ade9f

  • SSDEEP

    3072:DqWLBTrGNr0gl+CI3bc4ThMXu6GkqFmLqmjcRVmkHkKFhG2wwUJ5/lB:NVqNd+CIQHXu9VFmu0qU2CJ5

Score
10/10
dridex40112botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

128.199.200.38:443

192.163.233.216:6601

43.229.206.244:4125
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_0bc99fe32cadb6f073648f3fdd4b65b57e7cfe878ba59ec08f8c01554b5e3b7c

    • Size

      170KB

    • MD5

      90ca4becb1dedcbb1cb3428721b85550

    • SHA1

      800add90a6c6e380e3930859aa88ce6cfc92ddcb

    • SHA256

      0bc99fe32cadb6f073648f3fdd4b65b57e7cfe878ba59ec08f8c01554b5e3b7c

    • SHA512

      8939ddb13554992fd1a7bdf81923900ee1ffb4af8489dbf9b415571a96b4e2beac195d06e09c941958e24c9221fc817ade4fb55ff4a8d6e2b7fb2b03034ade9f

    • SSDEEP

      3072:DqWLBTrGNr0gl+CI3bc4ThMXu6GkqFmLqmjcRVmkHkKFhG2wwUJ5/lB:NVqNd+CIQHXu9VFmu0qU2CJ5

    Score
    10/10
    dridex40112botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks