General

  • Target

    a6d5ea402f7152cc7d56942f6dab960b_JaffaCakes118

  • Size

    575KB

  • Sample

    241127-j6fllsvqb1

  • MD5

    a6d5ea402f7152cc7d56942f6dab960b

  • SHA1

    8733bd608c8ecf9ce1a97ef2d332d136f2f184a0

  • SHA256

    c1516fd04cf95c6437a5f02d4715d1b034a4cc8edb71b487a3a0c0eb76fd0216

  • SHA512

    fe73bd1c4b54c0a251c29f9eada71c9b47f16e8494a7c388111f9143a020a3c128934b2864366708e62e38d7a3725b4a1fbd5e2e550963f7707fcdd95464ad39

  • SSDEEP

    12288:+7UffyoMiaBpylVC/SryA42E9VH8O1zdMNev6CP:+7UfKyS/SrD42EvcO1lvd

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

top127

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      a6d5ea402f7152cc7d56942f6dab960b_JaffaCakes118

    • Size

      575KB

    • MD5

      a6d5ea402f7152cc7d56942f6dab960b

    • SHA1

      8733bd608c8ecf9ce1a97ef2d332d136f2f184a0

    • SHA256

      c1516fd04cf95c6437a5f02d4715d1b034a4cc8edb71b487a3a0c0eb76fd0216

    • SHA512

      fe73bd1c4b54c0a251c29f9eada71c9b47f16e8494a7c388111f9143a020a3c128934b2864366708e62e38d7a3725b4a1fbd5e2e550963f7707fcdd95464ad39

    • SSDEEP

      12288:+7UffyoMiaBpylVC/SryA42E9VH8O1zdMNev6CP:+7UfKyS/SrD42EvcO1lvd

MITRE ATT&CK Enterprise v15

Tasks