Resubmissions

15-11-2024 10:26

241115-mgsreswpap 10

11-11-2024 20:56

241111-zrhenazjfm 10

General

  • Target

    ddc2c78d6f8510947bef12901b68da4f595e0733d9bc82434791d293cdc9e168

  • Size

    776KB

  • Sample

    241111-zrhenazjfm

  • MD5

    3299acdbd8a544780abb6eae4668d1aa

  • SHA1

    9e7a81e25b980faa44c4048171027eea865e874b

  • SHA256

    ddc2c78d6f8510947bef12901b68da4f595e0733d9bc82434791d293cdc9e168

  • SHA512

    f468b7e85d5ccde05b025ee57d5e9f55286fc7d8fc4dd90b1e600f6f1ba30e6f73ec83cc9f2d88f245ab41d9659a5cb2637837f438f7234f942f5cc9a64fd6cd

  • SSDEEP

    12288:FeTBslq08I3L92xhqmqUVWFxjPc/jxEnU2vMQs:UtI3L9WqdjPU67

Malware Config

Extracted

Family

bdaejec

C2

ddos.dnsnb8.net

Extracted

Family

trickbot

Version

100019

Botnet

top115

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      ddc2c78d6f8510947bef12901b68da4f595e0733d9bc82434791d293cdc9e168

    • Size

      776KB

    • MD5

      3299acdbd8a544780abb6eae4668d1aa

    • SHA1

      9e7a81e25b980faa44c4048171027eea865e874b

    • SHA256

      ddc2c78d6f8510947bef12901b68da4f595e0733d9bc82434791d293cdc9e168

    • SHA512

      f468b7e85d5ccde05b025ee57d5e9f55286fc7d8fc4dd90b1e600f6f1ba30e6f73ec83cc9f2d88f245ab41d9659a5cb2637837f438f7234f942f5cc9a64fd6cd

    • SSDEEP

      12288:FeTBslq08I3L92xhqmqUVWFxjPc/jxEnU2vMQs:UtI3L9WqdjPU67

    • Bdaejec

      Bdaejec is a backdoor written in C++.

    • Bdaejec family

    • Detects Bdaejec Backdoor.

      Bdaejec is backdoor written in C++.

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks