trickbot | 607c0b63b89f4c0b1151181cc0b8a06a_JaffaCakes118

General

Target

607c0b63b89f4c0b1151181cc0b8a06a_JaffaCakes118
Size

228KB
MD5

607c0b63b89f4c0b1151181cc0b8a06a
SHA1

4e98484e324b80e6a7f003612803755468e992e8
SHA256

e5ef4b7879d77c1121d50503506f4a6f9526ccd7a6778b7227746cd9fa9f283f
SHA512

b1885118fea127188fe597d8f649d9bcc675af923466a0d77f527edd3c36697bb95371a18eeb66a0cfb3d121c07ee3c2ab18b1cd8bc7a939f0ddda1d169beae3
SSDEEP

3072:+5z2gTPdFG0m5cFk1oOG5UP2s56S9NKEI+Bcl/hJik6heuZn4fUCtbBLrlMTecqt:OTGBMmk5Jik64utgP+qZzfpZ

Score

10^/10

tot381 trickbot

Malware Config

Extracted

Family

trickbot

Version

1000324

Botnet

tot381

C2

107.175.127.149:443

103.108.120.115:449

160.3.20.103:449

107.174.34.202:443

66.64.20.194:449

104.143.67.156:449

65.152.237.149:449

194.5.250.185:443

36.91.74.138:449

198.46.160.217:443

103.129.195.105:449

174.105.237.127:449

192.3.52.107:443

47.224.98.123:449

103.235.176.174:449

209.191.203.238:449

202.59.168.162:449

115.85.76.94:449

23.94.36.143:443

112.78.38.163:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll
Name:pwgrab

ecc_pubkey.base64

Signatures

Trickbot family
trickbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
607c0b63b89f4c0b1151181cc0b8a06a_JaffaCakes118

Files

607c0b63b89f4c0b1151181cc0b8a06a_JaffaCakes118
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB