General

  • Target

    JaffaCakes118_58defe6cd164b4c029214022197533dc376ad0090657d931e1ed57981b1b4498

  • Size

    276KB

  • Sample

    241221-1zrtqs1ngq

  • MD5

    64b9c688f254ac1a898b0fed9c2b6308

  • SHA1

    c9e80687f1940fa250836834cdb5f33d4085cab9

  • SHA256

    58defe6cd164b4c029214022197533dc376ad0090657d931e1ed57981b1b4498

  • SHA512

    3d5a901979af5f2ee9b14ad019ccffee496560c91c03e4be658c437229a5e9aceadb8f1b1c7232a5e6b61192c6bb2ab662d3c00d1dfd318f3a507b98ded9db8e

  • SSDEEP

    6144:PhvANzqFWxfrQ443vaHRYDynrPjq18lq2t7OFyPKziUIr:dANzo8rQp/axY2nrbq1hcyFYU4

Malware Config

Extracted

Family

trickbot

Version

2000016

Botnet

lib11

C2

202.136.89.226:449

202.169.244.252:449

203.176.135.38:449

212.3.104.50:449

41.203.215.122:449

41.41.179.239:449

43.239.152.240:449

43.242.141.59:449

43.245.216.190:449

43.255.113.180:449

45.230.8.34:449

45.233.25.6:449

78.138.128.20:449

49.156.41.74:449

Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      sample

    • Size

      276KB

    • MD5

      fe772386d4d851272a985dae3b0a254a

    • SHA1

      3ef8ab7cccd2dabc9d598d4eebf208b5c5d9b33a

    • SHA256

      bfa4dd7b3e2182a6fa772443847b4fe6e70d66c773c5f0b087da566b779d90b2

    • SHA512

      e6c6953286e7801ba2867a942c6fdb3724597368a029dc3faf2046d6a4a1a861c4845b13de1face1bce8e69e0ff26622f195735f1942ed2f01f65e7821f6d8ec

    • SSDEEP

      6144:EhvANzqFWxfrQe43vaHRsDwnrPjq18lq257OFyHKziUt:0ANzo8rQv/axscnrbq1hmyFWU

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks