
General

  • Target

    JaffaCakes118_85211b0a5e81435a4ceea5f84a624934e3519d4efc91d3fe07ca3051e17db337

  • Size

    497KB

  • Sample

    241230-x6dznsvmfk

  • MD5

    08d1da21747bc21ffb81e7436c71d403

  • SHA1

    35c1caa0426e3e0efb9b66c8571bf6953bace840

  • SHA256

    85211b0a5e81435a4ceea5f84a624934e3519d4efc91d3fe07ca3051e17db337

  • SHA512

    2cafaf3f5c20e097ec0c6a96d0e250f6a4118e73d747ad5dcc818d17c25987f28e0fbd1b06e445b26b1892aa1628ffb1e9d2083e37ccb08d7697d0a025432299

  • SSDEEP

    12288:FCsrQDA5hv6apf4ciS4Z5LyRUjeXNo6p33ZDvr8MjC25gV5LPi5IZrM:FFrQDA5r4ciSy4RUaXN1p5Lr8L250LhM

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

209.20.87.138:443

198.1.115.153:8172

151.236.29.248:6516

rc4.plain
rc4.plain

Targets

    • Target

      6860b23431c03b24449bf266854150b9a1afe5978b84f53803d446696a0e3621

    • Size

      785KB

    • MD5

      adae957f96ecb08a9271bcbe38da2cc5

    • SHA1

      acfaf6b3f0f2c97446e14567ba3fb4d101464ff4

    • SHA256

      6860b23431c03b24449bf266854150b9a1afe5978b84f53803d446696a0e3621

    • SHA512

      9018c290c9bb7ccd576a7dac15ddc1cc4051a9e6026a7013328984f0874638814197ffbb0adda8ee6a43e7d77b6de279585459e0bf12d6eeb2676b99edc150b6

    • SSDEEP

      12288:nbqkjZx1Vu8MpJYosZUmc16RWdrpo8+FFcLxT8HoxmRsDJteMKTi81MOU7qOkQR1:nbqkjZxqxYjxoArwQobmMK5iOUFkK1

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks