General

  • Target

    JaffaCakes118_a28b094a6f7c6868a2369a5a238b484c53eef8864f9c0b7c41cf9eb3e831295e

  • Size

    756KB

  • Sample

    241222-arjkaavrdw

  • MD5

    686f01d9adfeaa6fb3e042d25e734229

  • SHA1

    00507b2e5f49311dd9a40e65f934c3cf14f35965

  • SHA256

    a28b094a6f7c6868a2369a5a238b484c53eef8864f9c0b7c41cf9eb3e831295e

  • SHA512

    050a38d32a1f2bb1ff6f362257b17f6d7e9699333df8d968d1b60f081fcc75afc9dc96564e6649dbba4307ddb893fb2913eb4cc9a7e91d40bb5eafa9c3118026

  • SSDEEP

    12288:weTBslq08I3L92xhqmqUVWFxjPV/jxEnU2vMQsK:5tI3L9WqdjPT67j

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

top115

C2

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

MITRE ATT&CK Enterprise v15

Tasks