General
Target: 38f8d8dce460c79e47ccf8d0559d5ecf_JaffaCakes118
Size: 362KB
Sample: 240512-jeyccaeg5t
MD5: 38f8d8dce460c79e47ccf8d0559d5ecf
SHA1: 49d26c6d463a174f59d97b3874a84910a6483128
SHA256: c672dfbaca9833fa9052661b160da26bdf3f11f3fa769a651023ae33311467f8
SHA512: a1af464d474ef7eef58dbb033e1d375441851f5f3ed4d9c9324ba7db39b57d2401af11514fc2b163e4418b8abbb3be501bb14a2e5d44a30d0eec457d2650066c
SSDEEP: 6144:6YrmULWWZYQRtBWyTiFOcjUtxdKmnKiFREUuOeqxmg:6YSU9KSTElUUvRcX
Static task: static1
Behavioral task: behavioral1
Sample: 38f8d8dce460c79e47ccf8d0559d5ecf_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 38f8d8dce460c79e47ccf8d0559d5ecf_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted family: trickbot
Version: 1000206
Botnet: tot239
Attributes: autorunControl:GetSystemInfoName:systeminfoName:injectDll
Targets
- Trickbot x86 loader: Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext