General

  • Target

    JaffaCakes118_832eeefc22534f6950400d15e8935c9c

  • Size

    608KB

  • Sample

    250105-b39raaxjet

  • MD5

    832eeefc22534f6950400d15e8935c9c

  • SHA1

    118c59803cb592d8f5bbd2389aa996f9e72be841

  • SHA256

    177e81da942333056d979eb2064f5136af354653e205f930c35bb5343c572b93

  • SHA512

    6377cb446f9e4c7780393fcca04b935ec74c9b7d3c4965ce9d3a7e98f937fd112f68d116bb2ab1e7378891ef64e12c45f1e5921924507c48973318f8089c7489

  • SSDEEP

    12288:1ZGQdqOG6qJqydLqQSeCqsVK8kPRGO35N9mV+zXc6:1Z01WjeCVVK8kP9N9oK

Malware Config

Extracted

Family

dridex

Botnet

10444

C2

174.128.245.202:443

51.83.3.52:13786

69.64.50.41:6602

rc4.plain 1

ngQDCdrlVj1uAoRRq9y7YMw70orpAe8L

rc4.plain 1

QfEmoomcAxkbuAbw8boa65z3qCBnwzDVqJm8KUMFeQAf42fnLHru3aSLbKMVy3yaeP1WqkEoEC

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

    • Dridex family

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15
