General

  • Target

    JaffaCakes118_7f671c53c8376b91afc85d07b93c80828519791a9a906dd304606ba407146cf0

  • Size

    273KB

  • Sample

    241221-xcvekawmbx

  • MD5

    f0bbe04eb5d1e80d61b13357b2195b48

  • SHA1

    f00f86a8cbed9f8545be9648f622b90614bada42

  • SHA256

    7f671c53c8376b91afc85d07b93c80828519791a9a906dd304606ba407146cf0

  • SHA512

    daa928fa686bea722de596f0b651c3bc28002127c6ef7cc7e95c92c166a5503bbb282a612fad3f1444da9c158cb1a28a66a2e4a0d66eabe8ca34a0444520d508

  • SSDEEP

    6144:tXsyvN9cuozrzJyiWqSkCbSfc1YRWeLXlMh1xMGlwJ1nWG23dFPc:9n19dy0inc5W1GfHc1WGMdFU

Malware Config

Extracted

Family

trickbot

Version

2000011

Botnet

ono80

C2

Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64

Targets

    • Target

      4013945c4997c0c02b6d094186dde0ae4fa499bc33afae5bbbc0207f2754fe39.dll

    • Size

      340KB

    • MD5

      0da9b790450c4331df8accbb89c6f651

    • SHA1

      bdbe4484f568f3b518513191d577edcc0150b7b5

    • SHA256

      4013945c4997c0c02b6d094186dde0ae4fa499bc33afae5bbbc0207f2754fe39

    • SHA512

      3eddb0efa3081b2c1dd17e599d29f70dd15bbecaacd831dba65314ddb9d4b091e230c1c43a9d27bd59189b9ae3f0104d693691640e0924a2ea2d90421ef96ca7

    • SSDEEP

      6144:9F6V5IgE1hsqZcUgKhVD16BuhO+tqWoKIflv/JLeE+1ctvja3lA594:Xq+gKZcahX64hOZnJLEibaVA594

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

MITRE ATT&CK Enterprise v15

Tasks