General
-
Target
f0e3d9253382b367c06317a341054aa1_JaffaCakes118
-
Size
455KB
-
Sample
240922-ad7d7asakh
-
MD5
f0e3d9253382b367c06317a341054aa1
-
SHA1
3bca87eac9c996474d55ffbab8ec09eec4e87202
-
SHA256
edcedbac57a24ff8ea61ac29936d868fbc0d8d7bdf4e0fa47bcf7ec53bb6d888
-
SHA512
1877f0dbe9a5cf3e7e24380574e973a15640c6cc42d58c999725b049122a84db208479f210d1398004265730ba6cc65c70552082a19e2c5ad17a348f716483d0
-
SSDEEP
6144:wFHLYByjSOnR75PGbI3S9GvGx4/Uc/fxUgjG6PMEu2vGhwd/K6786TEnCAIpi9M4:8LYBEnVdYIH3d/fDG6uMbGf
Malware Config
Targets
-
-
Target
f0e3d9253382b367c06317a341054aa1_JaffaCakes118
-
Size
455KB
-
MD5
f0e3d9253382b367c06317a341054aa1
-
SHA1
3bca87eac9c996474d55ffbab8ec09eec4e87202
-
SHA256
edcedbac57a24ff8ea61ac29936d868fbc0d8d7bdf4e0fa47bcf7ec53bb6d888
-
SHA512
1877f0dbe9a5cf3e7e24380574e973a15640c6cc42d58c999725b049122a84db208479f210d1398004265730ba6cc65c70552082a19e2c5ad17a348f716483d0
-
SSDEEP
6144:wFHLYByjSOnR75PGbI3S9GvGx4/Uc/fxUgjG6PMEu2vGhwd/K6786TEnCAIpi9M4:8LYBEnVdYIH3d/fDG6uMbGf
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Stops running service(s)
-
Executes dropped EXE
-
Loads dropped DLL
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-