General
-
Target
e6f22ca7f7e05342709de3367352258c_JaffaCakes118
-
Size
304KB
-
Sample
240917-qzkqbawdmp
-
MD5
e6f22ca7f7e05342709de3367352258c
-
SHA1
f7d911ff02edb4f7f7624ba9ab4a5143e5d30c38
-
SHA256
5744f89569706b092f3c84da42f2409318ce77b01b7173c722dd00d1c65f4864
-
SHA512
0c4b9ce2109e1acfc721ec2544548f24a1c083ebf3b207a3fadd1c4995805678381c51241afe9047b9e57403717353f425e7780d8b2d0df7b84731118966ad3b
-
SSDEEP
6144:qaTPKN8FoC+ZvWR6lCMDLz+1yMG1fef9jifVtg/Pb12m2wbtk7zRX9bvVPL:qaTPKN8F4jD+nG1fieNG/Pb12mtg9XTT
Malware Config
Targets
-
-
Target
e6f22ca7f7e05342709de3367352258c_JaffaCakes118
-
Size
304KB
-
MD5
e6f22ca7f7e05342709de3367352258c
-
SHA1
f7d911ff02edb4f7f7624ba9ab4a5143e5d30c38
-
SHA256
5744f89569706b092f3c84da42f2409318ce77b01b7173c722dd00d1c65f4864
-
SHA512
0c4b9ce2109e1acfc721ec2544548f24a1c083ebf3b207a3fadd1c4995805678381c51241afe9047b9e57403717353f425e7780d8b2d0df7b84731118966ad3b
-
SSDEEP
6144:qaTPKN8FoC+ZvWR6lCMDLz+1yMG1fef9jifVtg/Pb12m2wbtk7zRX9bvVPL:qaTPKN8F4jD+nG1fieNG/Pb12mtg9XTT
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Stops running service(s)
-
Executes dropped EXE
-
Loads dropped DLL
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-