General

  • Target

    8033479ff159e380ed046f3d60e08286_JaffaCakes118

  • Size

    124KB

  • MD5

    8033479ff159e380ed046f3d60e08286

  • SHA1

    cb987967014653de48e1dd2898cb7d878c367233

  • SHA256

    959d2fe1299c90a5d8d143b97e5f2fe6b62b36b0ca68c01811b6f3ee4b485fe4

  • SHA512

    84561472c22d3263ae973ab436a21a20a4570714ffa2ce6f52f883d2afa14d592c0a54ee2e140f269e55d46ba1c9c6e549e99b6ddc08dc0981267abcef718b6c

  • SSDEEP

    3072:NWJSRoWNU1GgPooZMephW1Sm7Jjgjx62:vzsGJoZTkljgR

Score
10/10

Malware Config

Extracted

Family

trickbot

Version

1000192

Botnet

ser0511

C2

Attributes

  • autorun
    Control:GetSystemInfo
    Name:systeminfo
    Name:injectDll
  • ecc_pubkey.base64

Signatures

  • Trickbot family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 8033479ff159e380ed046f3d60e08286_JaffaCakes118
    .exe windows:5 windows x64 arch:x64
