General

  • Target

    JaffaCakes118_bd4fd4c2a413dd0aa075df0a2ead3e936e3e6e75cc1f3e85cc815785fff51ef5

  • Size

    200KB

  • Sample

    241222-m6bt7svres

  • MD5

    486365654c861c164232fa88ad8bf7bc

  • SHA1

    7c081135b4d3c4f4ce567aa9b9338111559d6178

  • SHA256

    bd4fd4c2a413dd0aa075df0a2ead3e936e3e6e75cc1f3e85cc815785fff51ef5

  • SHA512

    53ce0126b15b8e5edaf0a4ec357304d84652dc106bcc59c2d0332301ca9b4a79165bdf9468f49fbb41d65d674f1c2062e61b68340ae3abd538efa26b16ffd3ab

  • SSDEEP

    6144:NvnBzHL3NQ3TGWN4t8OKXcA24OQf/AncP:N/JHTW3Ta8OKXFj/0+

Malware Config

Extracted

Family

trickbot

Version

1000140

Botnet

tt0002

C2

212.14.51.43:449

212.14.51.56:449

195.133.146.92:443

194.87.94.8:443

92.53.91.252:443

185.228.233.174:443

109.234.38.22:443

82.202.204.172:443

185.246.64.65:443

94.250.253.69:443

81.177.140.199:443

217.107.219.15:443

109.234.35.230:443

89.223.31.219:443

185.246.64.156:443

94.250.253.74:443

54.38.49.80:443

185.246.64.221:443

94.103.80.99:443

Attributes

  • autorun

    Control:GetSystemInfo
    Name:systeminfo
    Name:injectDll

  • ecc_pubkey.base64
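The extracted config above is only useful once it is turned into something that can be checked against traffic and files. The block below is an added example, not part of the sandbox report: it parses the C2 list exactly as reported, matches it against connection-log lines, emits one Suricata rule per endpoint, and checks a file's SHA-256 against the two hashes on this page. The C2 endpoints, the botnet tag and the SHA-256 values are copied from the report; the tab-separated log format, the 10.0.0.15 host, the 93.184.216.34 destination and the Suricata SID range are constructed placeholders.

```python
"""IOC extraction and matching for the TrickBot config reported on this page.

Added example, not part of the sandbox report. The C2 endpoints, botnet tag
and SHA-256 values are copied from the report; the log lines, the home host,
the non-C2 destination and the SID range are constructed placeholders.
"""
import hashlib
import ipaddress
from collections import namedtuple

BOTNET = "tt0002"  # botnet tag from the extracted config

# C2 list as extracted in the report (ip:port, one per line).
C2_TEXT = """
212.14.51.43:449
212.14.51.56:449
195.133.146.92:443
194.87.94.8:443
92.53.91.252:443
185.228.233.174:443
109.234.38.22:443
82.202.204.172:443
185.246.64.65:443
94.250.253.69:443
81.177.140.199:443
217.107.219.15:443
109.234.35.230:443
89.223.31.219:443
185.246.64.156:443
94.250.253.74:443
54.38.49.80:443
185.246.64.221:443
94.103.80.99:443
"""

# SHA-256 values from the report: the 200KB submission and the 420KB drop.
KNOWN_SHA256 = {
    "bd4fd4c2a413dd0aa075df0a2ead3e936e3e6e75cc1f3e85cc815785fff51ef5": "submitted sample (200KB)",
    "0ab39c0e0ed560ff770190576ed47ffa60542c8f9944a6b430f699b1586d2eff": "dropped payload (420KB)",
}

Hit = namedtuple("Hit", "line_no dst_ip dst_port reason")


def parse_c2(text):
    """Parse 'ip:port' lines into a set of (ip, port); malformed lines raise."""
    endpoints = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep:
            raise ValueError(f"no port in C2 entry: {line!r}")
        ipaddress.ip_address(host)  # raises ValueError on a non-IP host
        endpoints.add((host, int(port)))
    return endpoints


def scan_conn_log(lines, c2):
    """Match tab-separated 'ts src_ip src_port dst_ip dst_port proto' lines.

    An exact ip:port match is reported as a C2 contact; a match on the IP
    alone is reported separately as a weaker indicator.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue  # header or truncated line
        dst_ip, dst_port = fields[3], int(fields[4])
        if (dst_ip, dst_port) in c2:
            hits.append(Hit(n, dst_ip, dst_port, "c2_exact"))
        elif dst_ip in c2_ips:
            hits.append(Hit(n, dst_ip, dst_port, "c2_ip_other_port"))
    return hits


def suricata_rules(c2, base_sid=1000001):
    """One alert rule per C2 endpoint; base_sid is a local placeholder range."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"TrickBot {BOTNET} C2 contact {ip}:{port}"; '
        f'flow:to_server; sid:{base_sid + i}; rev:1;)'
        for i, (ip, port) in enumerate(sorted(c2))
    ]


def label_for_sha256(hexdigest):
    """Return the report's label for a known SHA-256, or None."""
    return KNOWN_SHA256.get(hexdigest.lower())


def identify_sample(data):
    """Hash a file's bytes and look the digest up in the report's hashes."""
    return label_for_sha256(hashlib.sha256(data).hexdigest())


# Constructed log lines for illustration (not real traffic).
SAMPLE_LOG = (
    "1734870000.1\t10.0.0.15\t49201\t212.14.51.43\t449\ttcp\n"
    "1734870001.2\t10.0.0.15\t49202\t93.184.216.34\t443\ttcp\n"
    "1734870002.3\t10.0.0.15\t49203\t195.133.146.92\t443\ttcp\n"
    "1734870003.4\t10.0.0.15\t49204\t212.14.51.43\t80\ttcp\n"
)

if __name__ == "__main__":
    c2 = parse_c2(C2_TEXT)
    for hit in scan_conn_log(SAMPLE_LOG.splitlines(), c2):
        print(hit)
    print(suricata_rules(c2)[0])
    print(identify_sample(b"not the sample"))  # None: constructed bytes, not the drop
```

Note the two endpoints on port 449 (212.14.51.43 and 212.14.51.56): outbound 449/tcp is uncommon enough on most networks that it is worth a standalone alert even before the IP list is applied, while the 443 entries need the exact IP match to be useful.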

Targets

    • Target

      0ab39c0e0ed560ff770190576ed47ffa60542c8f9944a6b430f699b1586d2eff

    • Size

      420KB

    • MD5

      3c342c8cb39593c738af9e17191bad45

    • SHA1

      f0f7864d10296a461f98bfa59beda05ec85d37e8

    • SHA256

      0ab39c0e0ed560ff770190576ed47ffa60542c8f9944a6b430f699b1586d2eff

    • SHA512

      bed014d8d111c2c5b236630bb238edd7c2eb18f58bb29f38a6ee63a79fc679d461955098ed393fd3449c50f582205e19bc0f547ea28473234bf1289b4932a192

    • SSDEEP

      6144:gUITQvS6fbHLPqXHY9qBTZETgtDRVd/guYwTgnwJEDqqIIYQ74g:iUvS6zHLPqlFEMxd/guYwpL

    • Trickbot

      First observed in 2016, TrickBot is a modular banking Trojan: a loader that fetches and runs additional capability as DLL modules (the injectDll and systeminfo entries in the extracted autorun list above are two such modules).

    • Trickbot family

    • Windows security bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
