trickbot | 1a6751d715927c98d564fa1b68d10b19_JaffaCakes118

General

Target

1a6751d715927c98d564fa1b68d10b19_JaffaCakes118
Size

102KB
MD5

1a6751d715927c98d564fa1b68d10b19
SHA1

97ea8626616e1d1633f42a5b8a5a27bbdc32f27d
SHA256

0468a9e5421bbbab655049e6871c17f52f93fe8cccbc0d62efe7ee2ba07904de
SHA512

84b5163b4cfda0009e207f939f57cd1212a55433fe0352eaf4b172b5b2c7617105d68544928c68077dc216e278b0fcc91651fe7df1c6a7f2ed2b7f09a666a3dd
SSDEEP

3072:ziFPvJq+Fyh5u9Hh81Zhn24KZXLcTbgxy9L7Y:zi/q+wAJiZhnjK1cTbw0

Score

10^/10

lib609 trickbot

Malware Config

Extracted

Family

trickbot

Version

1000483

Botnet

lib609

C2

62.109.22.2:443

94.156.144.74:443

78.24.219.9:443

45.141.102.2:443

212.80.218.144:443

5.182.210.254:443

194.5.250.109:443

185.222.202.25:443

185.141.61.29:443

66.85.173.57:443

195.123.220.155:443

51.89.115.110:443

144.91.80.253:443

107.173.240.221:443

103.219.213.102:449

117.255.221.135:449

45.224.214.34:449

170.84.78.224:449

189.28.185.50:449

177.154.86.145:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:pwgrab

ecc_pubkey.base64

Signatures

Trickbot family
trickbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a6751d715927c98d564fa1b68d10b19_JaffaCakes118

Files

1a6751d715927c98d564fa1b68d10b19_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 91KB - Virtual size: 90KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 91KB - Virtual size: 90KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 2KB