General

  • Target

    JaffaCakes118_4efeec430bc8652811e70d2d3e7b0941f8dc57954870294e20386db0a9246978

  • Size

    391KB

  • Sample

    241221-xqf44axjdr

  • MD5

    a48a8e784c096badb938cf3937c1ba86

  • SHA1

    aa207b6296acfb80aae1e0b901721e190aea3da7

  • SHA256

    4efeec430bc8652811e70d2d3e7b0941f8dc57954870294e20386db0a9246978

  • SHA512

    e0184016f19989d279800d967cc63cca52fa661c1efdecc1125a6fe1ce8e1535faf10239eeff164742828e290697520a7cabd225613f470e75875726a4d9fc1e

  • SSDEEP

    6144:8bsVEPq8Y3Hland0SiVtDozDwZgZk8xknrs1g43SOqpqoFBvZ2YyiHbhqVTqkEWo:8IVWY8dHtggCV4153ZsFxZ2RilqVIoy

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

top119

C2

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      d042198a99bf5d4ab106fa335ceb0d2f7d0e0d697837e75bd16990c7a9ff4633

    • Size

      820KB

    • MD5

      4261c8199748a2189cc7e7a5dac71904

    • SHA1

      72c2644ea96274b5e045b44a824323885975cac5

    • SHA256

      d042198a99bf5d4ab106fa335ceb0d2f7d0e0d697837e75bd16990c7a9ff4633

    • SHA512

      7c6171b9be123601d65dcbb29c12268040cac620564fb0764d021a32d10a2aeb6390ec32b1637bd318b3abbdf094374240b4deb7215ce10e5f527677039e4b80

    • SSDEEP

      12288:QFuLe4nHJm79H5d51MKd3GydYLMcOCWvnJi7:QFF4nHJoRZbnJc
