General

  • Target

    JaffaCakes118_b84b5ffa65552140676968d0bafc52a00cd0fd9a5f7b70809d11a2b321ac834b

  • Size

    2.1MB

  • Sample

    241221-3fh4latpgq

  • MD5

    3bc400ab428b5c6f229b6158a4c084e9

  • SHA1

    76b70d96c464f68b531f3c040aabc4b5d8a8ffde

  • SHA256

    b84b5ffa65552140676968d0bafc52a00cd0fd9a5f7b70809d11a2b321ac834b

  • SHA512

    8be8e08b756e6d3c3ce0702ea5028fd8d4357e21472374276184f3e4e876fdff1929f34a07322f49154f04a488c2cf43f4addc56e4faea391e304c2abf4149c1

  • SSDEEP

    24576:mOIFcmtE7voEOJ4wDEeKKeD0qxDRQ85THxfOl1zEEVQW/b06UKQwZ7IPN/ewItlZ:mHIQBJKKULx+9EEhg6tZsUf+Mz

Targets

    • Target

      JaffaCakes118_b84b5ffa65552140676968d0bafc52a00cd0fd9a5f7b70809d11a2b321ac834b

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
