Overview

overview

10

Static

static

3

JaffaCakes...62.dll

windows7-x64

10

JaffaCakes...62.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_c062638ed4f1136ca1b1519693ff32b56b89f934ffc4bc627a362c10d6168b62

  • Size

    161KB

  • Sample

    241230-ysk2hayqcs

  • MD5

    0502ebc87423193487f7f87f477f272d

  • SHA1

    8c28cc32aa482bac7ff5627b60696abe77bccfca

  • SHA256

    c062638ed4f1136ca1b1519693ff32b56b89f934ffc4bc627a362c10d6168b62

  • SHA512

    a3a0b52a50100b434ce4b6a17e6a4f952d7b5f8e03e43a6329616c7d7221655b7f2b7d647f17ccbf74cda410796403ff40ba14b4d285f900c60a41f7c0d63050

  • SSDEEP

    3072:Lk2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:BG3rUvoU4JE/Wzan9T7B/CKsL/Yy

Score
10/10
dridex40112botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

193.200.130.181:443

95.138.161.226:2303

167.114.113.13:4125
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_c062638ed4f1136ca1b1519693ff32b56b89f934ffc4bc627a362c10d6168b62

    • Size

      161KB

    • MD5

      0502ebc87423193487f7f87f477f272d

    • SHA1

      8c28cc32aa482bac7ff5627b60696abe77bccfca

    • SHA256

      c062638ed4f1136ca1b1519693ff32b56b89f934ffc4bc627a362c10d6168b62

    • SHA512

      a3a0b52a50100b434ce4b6a17e6a4f952d7b5f8e03e43a6329616c7d7221655b7f2b7d647f17ccbf74cda410796403ff40ba14b4d285f900c60a41f7c0d63050

    • SSDEEP

      3072:Lk2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:BG3rUvoU4JE/Wzan9T7B/CKsL/Yy

    Score
    10/10
    dridex40112botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks