General

  • Target

    JaffaCakes118_b876068e832695129cac569fe7a9923cbfb2a3f6409aa4519dee6b62f01925d4

  • Size

    177KB

  • Sample

    241230-yek5cavrcp

  • MD5

    aaa432f8d8aa3267f02b1154e24cb98f

  • SHA1

    f7fbc7051d3ebec1d7ae27e83b7d90f912643ac6

  • SHA256

    b876068e832695129cac569fe7a9923cbfb2a3f6409aa4519dee6b62f01925d4

  • SHA512

    8d5f4d42e0ab4938fb58df794807945da9dddfc762288939ea1475c1336b35861011cab1156a452b520e2d9b46eb6ecc24fc025d42dfe2d7d2734a9f9e98f63b

  • SSDEEP

    3072:WuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:KzWxkOP4p2EesvcDi6DOHPJ

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

144.76.1.150:443

50.249.212.98:23399

104.168.154.79:5007

rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_b876068e832695129cac569fe7a9923cbfb2a3f6409aa4519dee6b62f01925d4

    • Size

      177KB

    • MD5

      aaa432f8d8aa3267f02b1154e24cb98f

    • SHA1

      f7fbc7051d3ebec1d7ae27e83b7d90f912643ac6

    • SHA256

      b876068e832695129cac569fe7a9923cbfb2a3f6409aa4519dee6b62f01925d4

    • SHA512

      8d5f4d42e0ab4938fb58df794807945da9dddfc762288939ea1475c1336b35861011cab1156a452b520e2d9b46eb6ecc24fc025d42dfe2d7d2734a9f9e98f63b

    • SSDEEP

      3072:WuCmyBVtWxZCOCA4Hpl1tv18FTETA8ocya/OyoSJPAacbnid8DOHPJ+HJ:KzWxkOP4p2EesvcDi6DOHPJ

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

MITRE ATT&CK Enterprise v15

Tasks