General

  • Target

    JaffaCakes118_5d4bc8366a0eb6d15b160ebfedeb9a5694ecf6c241ee4b176bba8ac96e105801

  • Size

    67KB

  • Sample

    241221-yhe3haxrgj

  • MD5

    814246dc09037c85300e3cd96f865989

  • SHA1

    33d72f4a991b1913ce2b25c85361932db5bf39c1

  • SHA256

    5d4bc8366a0eb6d15b160ebfedeb9a5694ecf6c241ee4b176bba8ac96e105801

  • SHA512

    b685172d6f60ff33d5168165401801d70d8335510fc99c81e638fe2117a3f34c7ee5545a794373a46f166ac8e8a444c94d988ed91034af756b2d742d8f8e4c44

  • SSDEEP

    1536:UJ0gTZAFs5o+aKpL2wcxN12bOm89TaStSxVmUx/3MM/pleDvKWETvBRq9/2U:1F2o4Lvc71284StwVptMM/OiWuBRID

Malware Config

Extracted

Family

trickbot

Version

100017

Botnet

rob120

C2

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      trickbot_00730000.bin

    • Size

      132KB

    • MD5

      741bb6f5389ed168168afaed7298d8d7

    • SHA1

      6942c1d92c7b724daf1762efb9f7b197def3229b

    • SHA256

      637592b1b3f10a5916eb1d6dd43b970da5cc7f2ad132e24cafdd1dbbfc89cdb9

    • SHA512

      58258d3ef56fa11a06dcaa54347ee1223debb2691c64f33a9d77a76cf3048cb04fa79e94fc822a3b904299474efdadca6536ab3c7fccb7979d5c3c6de7ba28dd

    • SSDEEP

      3072:6oDNbB2YhtT0ZUcuM2zRHQE+m5U1Kbu8Q9/2OWNcH/:JDNbBxwUW2zRwE+11Kbu8Q9/2Lmf

    Score
    3/10
