Overview

overview

10

Static

static

3

JaffaCakes...1a.dll

windows7-x64

10

JaffaCakes...1a.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_74e4a2208c91735a96bfbbba392b221a

  • Size

    180KB

  • Sample

    250107-x3cx7swran

  • MD5

    74e4a2208c91735a96bfbbba392b221a

  • SHA1

    38855ddf26cc33d307132386c20cff6bf7846aaf

  • SHA256

    0f805102c77684494cffc5df1e75e97990f83f58e6845d16f02888db03b2159e

  • SHA512

    9fc2b724b63c75b3ea7e44a95d9e9cdfa181a5d81ab7a0b445b727101e93592f9ea4b5f2e57f83f0f3f5934f628b31e1f38d724cb4b7fdaf03a21b29843f65d8

  • SSDEEP

    3072:Ysp0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb55ea:Ysp0bG6q7040aBfK0db5

Score
10/10
dridex22201botnetdiscoveryloader

Malware Config

Extracted

Family

dridex

Botnet

22201

C2

212.237.17.99:443

176.28.17.160:6602

51.254.140.238:8333
rc4.plain
rc4.plain

Targets

    • Target

      JaffaCakes118_74e4a2208c91735a96bfbbba392b221a

    • Size

      180KB

    • MD5

      74e4a2208c91735a96bfbbba392b221a

    • SHA1

      38855ddf26cc33d307132386c20cff6bf7846aaf

    • SHA256

      0f805102c77684494cffc5df1e75e97990f83f58e6845d16f02888db03b2159e

    • SHA512

      9fc2b724b63c75b3ea7e44a95d9e9cdfa181a5d81ab7a0b445b727101e93592f9ea4b5f2e57f83f0f3f5934f628b31e1f38d724cb4b7fdaf03a21b29843f65d8

    • SSDEEP

      3072:Ysp0m9FOGDv64TOvqdjR91E404PUW6bKHJZK0Bzb55ea:Ysp0bG6q7040aBfK0db5

    Score
    10/10
    dridex22201botnetdiscoveryloader

    • Dridex

      Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.

      botnetdridex

    • Dridex family

      dridex

    • Dridex Loader

      Detects Dridex both x86 and x64 loader in memory.

      botnetloader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks