trickbot | 92c99bcb27c5a04c6863ca113f61c9fb5637acc4bd5c6bf5278df7f60b92adfa

General

Target

e62c5f451ecf2ea4c37d7abab221f92b_JaffaCakes118
Size

119KB
Sample

240917-gkg67sxdqg
MD5

e62c5f451ecf2ea4c37d7abab221f92b
SHA1

a6877acb6cb9bc98aa6ca3f4ed7098b0d5fd28cc
SHA256

92c99bcb27c5a04c6863ca113f61c9fb5637acc4bd5c6bf5278df7f60b92adfa
SHA512

360d6ff6e9660701e61e0c3bddbb0dbc1f7c7fe5f418d7b44a4838e22d4fa5e7a5a9bf00777132384a5c2666fcf41bfc3fa3f699405a70627ea0581a61ded890
SSDEEP

3072:7yiwOoyzP+m+Gvp3x1KlIajqpgRNikiNAiIF:1wmPzx1Kl5MgRclC

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000501

Botnet

lib689

C2

5.182.210.226:443

5.182.210.120:443

185.65.202.183:443

212.80.217.243:443

85.143.218.249:443

194.5.250.178:443

198.15.119.121:443

107.175.87.142:443

185.14.31.72:443

188.165.62.2:443

194.5.250.179:443

198.15.119.71:443

185.14.29.4:443

185.99.2.202:443

192.3.193.162:443

89.191.234.89:443

195.54.32.12:443

31.131.21.30:443

5.34.177.194:443

190.214.13.2:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  e62c5f451ecf2ea4c37d7abab221f92b_JaffaCakes118
- Size
  
  119KB
- MD5
  
  e62c5f451ecf2ea4c37d7abab221f92b
- SHA1
  
  a6877acb6cb9bc98aa6ca3f4ed7098b0d5fd28cc
- SHA256
  
  92c99bcb27c5a04c6863ca113f61c9fb5637acc4bd5c6bf5278df7f60b92adfa
- SHA512
  
  360d6ff6e9660701e61e0c3bddbb0dbc1f7c7fe5f418d7b44a4838e22d4fa5e7a5a9bf00777132384a5c2666fcf41bfc3fa3f699405a70627ea0581a61ded890
- SSDEEP
  
  3072:7yiwOoyzP+m+Gvp3x1KlIajqpgRNikiNAiIF:1wmPzx1Kl5MgRclC
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2