Overview

overview

10

Static

static

3

JaffaCakes...cf.dll

windows7-x64

10

JaffaCakes...cf.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_c57e5cdd4b60e5f3e2f911d526da05cf9215e5322dd4b6599d4502a48975d5cf

  • Size

    159KB

  • Sample

    241230-yt144swpdm

  • MD5

    f356c7c58bad103e0d29683cf2a46e3d

  • SHA1

    eb7dc3e53fcfd54794e99ac550ad2a5baf750f4e

  • SHA256

    c57e5cdd4b60e5f3e2f911d526da05cf9215e5322dd4b6599d4502a48975d5cf

  • SHA512

    1d444aa381835b67dbb6c68bc2e0193003915151b5a0afc0ba259c4f648067e399c3c2314bf4cad2691d6e2ccd269aed385d309a7513c0bd20bf597693851616

  • SSDEEP

    3072:cN8CMtKJlXoDFwXrdV/9/uWIdojDZl4epTGmoAc7iTRilfn6wlYYYZwd:JnClX8WZ7/HrRCADTR0Vl6Zw

Score
10/10
dridex22203botnetdiscoveryevasionloadertrojan

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

78.46.73.125:443

185.148.168.26:2303

66.113.160.126:8172
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_c57e5cdd4b60e5f3e2f911d526da05cf9215e5322dd4b6599d4502a48975d5cf

    • Size

      159KB

    • MD5

      f356c7c58bad103e0d29683cf2a46e3d

    • SHA1

      eb7dc3e53fcfd54794e99ac550ad2a5baf750f4e

    • SHA256

      c57e5cdd4b60e5f3e2f911d526da05cf9215e5322dd4b6599d4502a48975d5cf

    • SHA512

      1d444aa381835b67dbb6c68bc2e0193003915151b5a0afc0ba259c4f648067e399c3c2314bf4cad2691d6e2ccd269aed385d309a7513c0bd20bf597693851616

    • SSDEEP

      3072:cN8CMtKJlXoDFwXrdV/9/uWIdojDZl4epTGmoAc7iTRilfn6wlYYYZwd:JnClX8WZ7/HrRCADTR0Vl6Zw

    Score
    10/10
    dridex22203botnetdiscoveryevasionloadertrojan

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks