trickbot | e62c5f451ecf2ea4c37d7abab221f92b_JaffaCakes118

General

Target

e62c5f451ecf2ea4c37d7abab221f92b_JaffaCakes118
Size

119KB
MD5

e62c5f451ecf2ea4c37d7abab221f92b
SHA1

a6877acb6cb9bc98aa6ca3f4ed7098b0d5fd28cc
SHA256

92c99bcb27c5a04c6863ca113f61c9fb5637acc4bd5c6bf5278df7f60b92adfa
SHA512

360d6ff6e9660701e61e0c3bddbb0dbc1f7c7fe5f418d7b44a4838e22d4fa5e7a5a9bf00777132384a5c2666fcf41bfc3fa3f699405a70627ea0581a61ded890
SSDEEP

3072:7yiwOoyzP+m+Gvp3x1KlIajqpgRNikiNAiIF:1wmPzx1Kl5MgRclC

Score

10^/10

lib689 trickbot

Malware Config

Extracted

Family

trickbot

Version

1000501

Botnet

lib689

C2

5.182.210.226:443

5.182.210.120:443

185.65.202.183:443

212.80.217.243:443

85.143.218.249:443

194.5.250.178:443

198.15.119.121:443

107.175.87.142:443

185.14.31.72:443

188.165.62.2:443

194.5.250.179:443

198.15.119.71:443

185.14.29.4:443

185.99.2.202:443

192.3.193.162:443

89.191.234.89:443

195.54.32.12:443

31.131.21.30:443

5.34.177.194:443

190.214.13.2:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Signatures

Trickbot family
trickbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e62c5f451ecf2ea4c37d7abab221f92b_JaffaCakes118

Files

e62c5f451ecf2ea4c37d7abab221f92b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 104KB - Virtual size: 104KB

.data Size: 11KB - Virtual size: 11KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 104KB - Virtual size: 104KB

.data
Size: 11KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 2KB