Overview

overview

10

Static

static

3

JaffaCakes...75.dll

windows7-x64

10

JaffaCakes...75.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_933b2d52560753cbea3f583fbf6438afa8b8785e90eead6dd6cac7a667668f75

  • Size

    161KB

  • Sample

    241230-zm5z6a1lat

  • MD5

    ab378f375032f9540622e1f06ee3a4d8

  • SHA1

    8ffc15c7c4099607c86a3a34384215fba8e6b698

  • SHA256

    933b2d52560753cbea3f583fbf6438afa8b8785e90eead6dd6cac7a667668f75

  • SHA512

    bc654a142d7bc188f84f1361b0b06e2e834a53177532b447f08d493cee7f64704780b1398aaa4d0bf50beffdf952346fe81aa4e0303cb878c754d6c6817b09cd

  • SSDEEP

    3072:8k2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:iG3rUvoU4JE/Wzan9T7B/CKsL/Yy

Score
10/10
dridex40112botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

40112

C2

193.200.130.181:443

95.138.161.226:2303

167.114.113.13:4125
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_933b2d52560753cbea3f583fbf6438afa8b8785e90eead6dd6cac7a667668f75

    • Size

      161KB

    • MD5

      ab378f375032f9540622e1f06ee3a4d8

    • SHA1

      8ffc15c7c4099607c86a3a34384215fba8e6b698

    • SHA256

      933b2d52560753cbea3f583fbf6438afa8b8785e90eead6dd6cac7a667668f75

    • SHA512

      bc654a142d7bc188f84f1361b0b06e2e834a53177532b447f08d493cee7f64704780b1398aaa4d0bf50beffdf952346fe81aa4e0303cb878c754d6c6817b09cd

    • SSDEEP

      3072:8k2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Yp8AF:iG3rUvoU4JE/Wzan9T7B/CKsL/Yy

    Score
    10/10
    dridex40112botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks