General
Target: 05b67b1e9d3d03401e456c1de02dc475_JaffaCakes118
Size: 352KB
Sample: 240428-v45nhach52
MD5: 05b67b1e9d3d03401e456c1de02dc475
SHA1: d9640ad2131441bee98ff9621d3e5ea97b5a10be
SHA256: 1fd9b7f3e752751bccb1e583b757cc2f4f194134b8b35d7fd9f5392fefbfa581
SHA512: 9fbd68b509dc3bdb61fe4a24845c73f7674ef434a7cc235c8d3453ed0d30a56d13401112b18b73553e291c81f2aa55d1e06197b2510e94c8780be16a60eaabb9
SSDEEP: 6144:tkquaiglPEmFvlyD6mQTEEaNeIw4Lc4Px6lCNG:t1uv4fFv4D6mQIFe6LcOQ
Static task: static1
Behavioral task: behavioral1
  Sample: 05b67b1e9d3d03401e456c1de02dc475_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 05b67b1e9d3d03401e456c1de02dc475_JaffaCakes118.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted
Family: trickbot
Version: 1000027
Botnet: solinger16
C2:
  82.146.57.127:443
  62.109.25.11:443
  92.63.106.43:443
  62.109.26.251:443
  78.24.218.206:443
  141.255.167.124:443
  78.155.218.189:443
  95.154.199.237:443
  95.213.195.169:443
  37.230.114.93:443
Attributes:
  autorun:
    Control: GetSystemInfo
    Name: systeminfo
    Name: injectDll
Targets
Target: 05b67b1e9d3d03401e456c1de02dc475_JaffaCakes118
Size: 352KB
MD5: 05b67b1e9d3d03401e456c1de02dc475
SHA1: d9640ad2131441bee98ff9621d3e5ea97b5a10be
SHA256: 1fd9b7f3e752751bccb1e583b757cc2f4f194134b8b35d7fd9f5392fefbfa581
SHA512: 9fbd68b509dc3bdb61fe4a24845c73f7674ef434a7cc235c8d3453ed0d30a56d13401112b18b73553e291c81f2aa55d1e06197b2510e94c8780be16a60eaabb9
SSDEEP: 6144:tkquaiglPEmFvlyD6mQTEEaNeIw4Lc4Px6lCNG:t1uv4fFv4D6mQIFe6LcOQ
Score: 10/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext