General
-
Target
ac98653c16036fcde573c34c02cc2bf6_JaffaCakes118
-
Size
198KB
-
Sample
240615-czp35szepm
-
MD5
ac98653c16036fcde573c34c02cc2bf6
-
SHA1
adc8d9569c1dbb9fb1d39132c2f3229d9c41a638
-
SHA256
fc15217702b332433079ccd1b797ff2e51c5305241886b03ed7ed55265a1b8eb
-
SHA512
ca29ddaac8e28932ef5172c0b97b2ac38074b2cfbd8a0febd149d84e322651a04e85a3b44546d538f5b819f0e73d9ddc7370c9351a76cd536d759467dfd6609d
-
SSDEEP
6144:0h2cYY5O7+jkXajr/Gjwh5w4esl005XKsin:LcH5pIXajr/Gkh5wkXKsin
Malware Config
Extracted
trickbot
1000192
jim222
209.121.142.202:449
5.102.177.205:449
209.121.142.214:449
95.161.180.42:449
203.86.222.142:449
109.95.114.28:449
118.91.178.106:449
173.220.6.194:449
179.107.89.145:449
46.20.207.204:449
91.206.4.216:449
69.122.117.95:449
68.96.73.154:449
185.42.192.194:449
189.84.125.37:449
68.227.31.46:449
107.144.49.162:449
46.72.175.17:449
144.48.51.8:449
46.243.179.212:449
-
autorunControl:GetSystemInfoName:systeminfoName:injectDll
Targets
-
-
Target
FC37F21CE836B982CA136E18953AF2B9219F526833B255A87A3FD5F6C2AFF167.exe
-
Size
348KB
-
MD5
92c5cb082171843f72b15695a79080f7
-
SHA1
8fa46a9f210aaaa3a93e3e93183ff34a59b9055f
-
SHA256
fc37f21ce836b982ca136e18953af2b9219f526833b255a87a3fd5f6c2aff167
-
SHA512
5422b35c174404f9c3fd1037af702b5f4afa1016873ab33e141931cda96e78ef3818ece87f5b76aa8d59416fd98eff7ecf28504e5a420b5898d5a9c3babcc897
-
SSDEEP
6144:rkWQuLNawPczZLIjerLQ/pc9FpTg/yVcCmkj:JJL9kFLIer8/p+zMGfNj
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Windows security bypass
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-