General

  • Target

    JaffaCakes118_832eeefc22534f6950400d15e8935c9c

  • Size

    608KB

  • Sample

    250105-b39raaxjet

  • MD5

    832eeefc22534f6950400d15e8935c9c

  • SHA1

    118c59803cb592d8f5bbd2389aa996f9e72be841

  • SHA256

    177e81da942333056d979eb2064f5136af354653e205f930c35bb5343c572b93

  • SHA512

    6377cb446f9e4c7780393fcca04b935ec74c9b7d3c4965ce9d3a7e98f937fd112f68d116bb2ab1e7378891ef64e12c45f1e5921924507c48973318f8089c7489

  • SSDEEP

    12288:1ZGQdqOG6qJqydLqQSeCqsVK8kPRGO35N9mV+zXc6:1Z01WjeCVVK8kP9N9oK

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain
rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled
