General

  • Target

    JaffaCakes118_296e3906183e551b086313ba38b2cd8d1d56bda7672198f62b5ecae2f83d89ed

  • Size

    496KB

  • Sample

    241223-qca8cszpew

  • MD5

    bb25d94620d3f08a941a9c3edce9bb9a

  • SHA1

    f2102b7484ccda6f3a5705f03e478567f1747d46

  • SHA256

    296e3906183e551b086313ba38b2cd8d1d56bda7672198f62b5ecae2f83d89ed

  • SHA512

    a08427a668a33f7d2eb4c12d7985fa8a0e79db30945d468ac6b03d4bc1c9f2a9bf14ed81052281b313ff27ecff95aafb39961805e514a428d4b0f2a7c461bca9

  • SSDEEP

    12288:uGafAqAoUH7u3KKzoYnxNr/GXodDwLc/cAgGJZL:1aYqZUbualgxJG+cLtArJ

Malware Config

Extracted

Family

trickbot

Version

100017

Botnet

sat1

C2

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      be8c7560d3d223aa6c3dfce8da989c5dcc845466694f266da5a9b9d7ccb8644a

    • Size

      649KB

    • MD5

      f417ee44492f1715e1019a73b73ffd2b

    • SHA1

      6e473b1064b73084265cc3ec5d228a248d6322e3

    • SHA256

      be8c7560d3d223aa6c3dfce8da989c5dcc845466694f266da5a9b9d7ccb8644a

    • SHA512

      08c5c86d6d6d281851d251728e653a2bf51b1191d1dc7898ec3631a54b6a2aae9ded5095272a6e29347bb5f076d17ea7f08b8fda82c7be112abadff524b9772a

    • SSDEEP

      12288:LR0JJhudrUtLpDwrEJKu+90vN8tLpDwrEJKu+90vo:LRVdYtLOrr2vN8tLOrr2vo

MITRE ATT&CK Enterprise v15

Tasks