General

  • Target

    JaffaCakes118_30cf1943205b1379499ea7f50fb93121acb2a14a4ee9438947bf7a495bbb1030

  • Size

    436KB

  • Sample

    241221-25e8katjdy

  • MD5

    705ca17be8e778ef8e2d3e22d77bbb0a

  • SHA1

    1856f6e6b4db428054ae969c78fb2666f0846190

  • SHA256

    30cf1943205b1379499ea7f50fb93121acb2a14a4ee9438947bf7a495bbb1030

  • SHA512

    cb68f506eaa18ce20385ea76aa76b382237112999cbe9a52ecb301c2dce08acf65c187a1563a177e012100c94ad1ca0daf3a1c259b083aa2e605da493ed6590f

  • SSDEEP

    6144:pkVJ67JhvuooYbJhMZnctQTFE4QbXU9CkDotFMcMNBlNtEKLtc:pkVJIDvZDlOFfQbXU9s79MNBjKotc

Malware Config

Extracted

Family

trickbot

Version

2000033

Botnet

tot157

C2

179.42.137.102:443

191.36.152.198:443

179.42.137.104:443

179.42.137.106:443

179.42.137.108:443

202.183.12.124:443

194.190.18.122:443

103.56.207.230:443

171.103.187.218:449

171.103.189.118:449

18.139.111.104:443

179.42.137.105:443

186.4.193.75:443

171.101.229.2:449

179.42.137.107:443

103.56.43.209:449

179.42.137.110:443

45.181.207.156:443

197.44.54.162:449

179.42.137.109:443

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      JaffaCakes118_30cf1943205b1379499ea7f50fb93121acb2a14a4ee9438947bf7a495bbb1030

    • Size

      436KB

    • MD5

      705ca17be8e778ef8e2d3e22d77bbb0a

    • SHA1

      1856f6e6b4db428054ae969c78fb2666f0846190

    • SHA256

      30cf1943205b1379499ea7f50fb93121acb2a14a4ee9438947bf7a495bbb1030

    • SHA512

      cb68f506eaa18ce20385ea76aa76b382237112999cbe9a52ecb301c2dce08acf65c187a1563a177e012100c94ad1ca0daf3a1c259b083aa2e605da493ed6590f

    • SSDEEP

      6144:pkVJ67JhvuooYbJhMZnctQTFE4QbXU9CkDotFMcMNBlNtEKLtc:pkVJIDvZDlOFfQbXU9s79MNBjKotc

MITRE ATT&CK Enterprise v15

Tasks