General

  • Target

    JaffaCakes118_5829ce89e3ab0dcb314d60fd7f9fc363d12b992ce6ba21881bbfef38170934b2

  • Size

    440KB

  • Sample

    241221-179phs1rfm

  • MD5

    9349b3acb1ef1bc3fdae47aa3835fb50

  • SHA1

    79983dcc0d6447681f4189fdbbfe7bbe350669b9

  • SHA256

    5829ce89e3ab0dcb314d60fd7f9fc363d12b992ce6ba21881bbfef38170934b2

  • SHA512

    4d0d48f96fc08fb9a02f5c96648a48fded7a3f011ef2f2617e5d162831135da45cc98333d796c34a8faf24e8f8ce144ebf763ac604f7cc4f3a6d2f96237cfcbd

  • SSDEEP

    6144:v5+iRFTkRhO9SE7tZtfherliYSuTNpBRaj4gzaxCdKJjWJFWMaDTX3H:JFTkOtZTm4EBpL0zacMScx7

Malware Config

Extracted

  • Family

    trickbot

  • Version

    100019

  • Botnet

    rob141

  • C2

    65.152.201.203:443
    185.56.175.122:443
    46.99.175.217:443
    179.189.229.254:443
    46.99.175.149:443
    181.129.167.82:443
    216.166.148.187:443
    46.99.188.223:443
    128.201.76.252:443
    62.99.79.77:443
    60.51.47.65:443
    24.162.214.166:443
    45.36.99.184:443
    97.83.40.67:443
    184.74.99.214:443
    103.105.254.17:443
    62.99.76.213:443
    82.159.149.52:443

  • Attributes

    autorun
      Name: pwgrabb
      Name: pwgrabc
    ecc_pubkey.base64

MITRE ATT&CK Enterprise v15

Tasks