General

  • Target

    JaffaCakes118_f3a41d33fdf5ec9dbf81b5c511f5b56339ea4719c2e568d586ade0cde72222cd

  • Size

    2.1MB

  • Sample

    241222-k9bmhaspfp

  • MD5

    578f26bd156782e1c93153e71e31af38

  • SHA1

    6081302fcfb7033b6f5d795fcb623849c8be220f

  • SHA256

    f3a41d33fdf5ec9dbf81b5c511f5b56339ea4719c2e568d586ade0cde72222cd

  • SHA512

    4a301c25841d1a97e7255e104dac4f0d2f930945e9892b1d904483c3564e889730624b8c2006c810e6b7cdf9f7325addba2668a54ad72f27e7500b609af08be5

  • SSDEEP

    24576:mOIFcmtE7voEOJ4wDEeKKeD0qxDRQ85THxfOl1zEEVQW/b06UKQzZ7IPN/ewItlZ:mHIQBJKKULx+9EEhg6uZsUf+Mz

Malware Config

Targets

    • Target

      JaffaCakes118_f3a41d33fdf5ec9dbf81b5c511f5b56339ea4719c2e568d586ade0cde72222cd

    • Size

      2.1MB

    • MD5

      578f26bd156782e1c93153e71e31af38

    • SHA1

      6081302fcfb7033b6f5d795fcb623849c8be220f

    • SHA256

      f3a41d33fdf5ec9dbf81b5c511f5b56339ea4719c2e568d586ade0cde72222cd

    • SHA512

      4a301c25841d1a97e7255e104dac4f0d2f930945e9892b1d904483c3564e889730624b8c2006c810e6b7cdf9f7325addba2668a54ad72f27e7500b609af08be5

    • SSDEEP

      24576:mOIFcmtE7voEOJ4wDEeKKeD0qxDRQ85THxfOl1zEEVQW/b06UKQzZ7IPN/ewItlZ:mHIQBJKKULx+9EEhg6uZsUf+Mz

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks