General
-
Target
JaffaCakes118_bd4fd4c2a413dd0aa075df0a2ead3e936e3e6e75cc1f3e85cc815785fff51ef5
-
Size
200KB
-
Sample
241222-m6bt7svres
-
MD5
486365654c861c164232fa88ad8bf7bc
-
SHA1
7c081135b4d3c4f4ce567aa9b9338111559d6178
-
SHA256
bd4fd4c2a413dd0aa075df0a2ead3e936e3e6e75cc1f3e85cc815785fff51ef5
-
SHA512
53ce0126b15b8e5edaf0a4ec357304d84652dc106bcc59c2d0332301ca9b4a79165bdf9468f49fbb41d65d674f1c2062e61b68340ae3abd538efa26b16ffd3ab
-
SSDEEP
6144:NvnBzHL3NQ3TGWN4t8OKXcA24OQf/AncP:N/JHTW3Ta8OKXFj/0+
Static task
static1
Behavioral task
behavioral1
Sample
0ab39c0e0ed560ff770190576ed47ffa60542c8f9944a6b430f699b1586d2eff.exe
Resource
win7-20240903-en
Malware Config
Extracted
trickbot
1000140
tt0002
-
autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll
Targets
-
-
Target
0ab39c0e0ed560ff770190576ed47ffa60542c8f9944a6b430f699b1586d2eff
-
Size
420KB
-
MD5
3c342c8cb39593c738af9e17191bad45
-
SHA1
f0f7864d10296a461f98bfa59beda05ec85d37e8
-
SHA256
0ab39c0e0ed560ff770190576ed47ffa60542c8f9944a6b430f699b1586d2eff
-
SHA512
bed014d8d111c2c5b236630bb238edd7c2eb18f58bb29f38a6ee63a79fc679d461955098ed393fd3449c50f582205e19bc0f547ea28473234bf1289b4932a192
-
SSDEEP
6144:gUITQvS6fbHLPqXHY9qBTZETgtDRVd/guYwTgnwJEDqqIIYQ74g:iUvS6zHLPqlFEMxd/guYwpL
-
Trickbot family
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-