General
-
Target
f9f52a1269c9577937cb222ac8037214_JaffaCakes118
-
Size
568KB
-
Sample
240927-hx8qcstelb
-
MD5
f9f52a1269c9577937cb222ac8037214
-
SHA1
63d8fc56792332a69b844101ee4c4a1b58608e2d
-
SHA256
2c69ee71a37c1e3e195ba454e6728da0f41fc16c173a056df99916ceb5b51e41
-
SHA512
36bcafb61e105ce2a36e9509b374b95cfd8b15dd20ff31ebf40b6a691c7f7bf494fbdd12deac202e33bd23f325e9b5e6e6a7634f20e124ba6319b9d88b95fe16
-
SSDEEP
6144:VdjTOk2ikl/LmnxyJjvRn9tAdadrEhcVKFNTOYNSeA/GjaMwZTazWXzkYdehtXIT:fObZ5ayNl/9ucVJYNSegGjzs4x/Y
Malware Config
Extracted
trickbot
1000251
ser0827us
178.116.83.49:443
176.114.66.20:449
162.212.112.175:449
198.53.63.120:443
158.58.131.54:443
104.254.10.200:449
118.200.151.113:443
41.211.9.234:449
178.78.202.189:443
109.173.104.236:449
212.225.214.249:449
81.17.86.112:443
88.87.231.162:449
46.149.182.112:449
197.232.243.36:449
198.164.250.111:449
47.49.168.50:443
70.79.178.120:449
68.109.83.22:443
176.10.170.65:443
-
autorunControl:GetSystemInfoName:systeminfoName:injectDll
Targets
-
-
Target
f9f52a1269c9577937cb222ac8037214_JaffaCakes118
-
Size
568KB
-
MD5
f9f52a1269c9577937cb222ac8037214
-
SHA1
63d8fc56792332a69b844101ee4c4a1b58608e2d
-
SHA256
2c69ee71a37c1e3e195ba454e6728da0f41fc16c173a056df99916ceb5b51e41
-
SHA512
36bcafb61e105ce2a36e9509b374b95cfd8b15dd20ff31ebf40b6a691c7f7bf494fbdd12deac202e33bd23f325e9b5e6e6a7634f20e124ba6319b9d88b95fe16
-
SSDEEP
6144:VdjTOk2ikl/LmnxyJjvRn9tAdadrEhcVKFNTOYNSeA/GjaMwZTazWXzkYdehtXIT:fObZ5ayNl/9ucVJYNSegGjzs4x/Y
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Stops running service(s)
-
Executes dropped EXE
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in System32 directory
-