General

  • Target

    JaffaCakes118_5d4bc8366a0eb6d15b160ebfedeb9a5694ecf6c241ee4b176bba8ac96e105801

  • Size

    67KB

  • MD5

    814246dc09037c85300e3cd96f865989

  • SHA1

    33d72f4a991b1913ce2b25c85361932db5bf39c1

  • SHA256

    5d4bc8366a0eb6d15b160ebfedeb9a5694ecf6c241ee4b176bba8ac96e105801

  • SHA512

    b685172d6f60ff33d5168165401801d70d8335510fc99c81e638fe2117a3f34c7ee5545a794373a46f166ac8e8a444c94d988ed91034af756b2d742d8f8e4c44

  • SSDEEP

    1536:UJ0gTZAFs5o+aKpL2wcxN12bOm89TaStSxVmUx/3MM/pleDvKWETvBRq9/2U:1F2o4Lvc71284StwVptMM/OiWuBRID

Score
10/10

Malware Config

Extracted

Family

trickbot

Version

100017

Botnet

rob120

C2


Attributes

  • autorun

    Name: pwgrabb
    Name: pwgrabc

  • ecc_pubkey.base64

Signatures

  • Trickbot family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_5d4bc8366a0eb6d15b160ebfedeb9a5694ecf6c241ee4b176bba8ac96e105801 (.7z)

    Password: infected

  • trickbot_00730000.bin (.exe, windows:4, windows x86, arch:x86)