General

  • Target

    JaffaCakes118_19fe353890bf2f29fea3a4f2d200b64643703d3294e614d7af25cdfb94317efd

  • Size

    756KB

  • Sample

    241223-rdwfcs1qbs

  • MD5

    c1d19d7f157f460da1d923c2db826ad3

  • SHA1

    a00891869f23a3f4d343f7316530171df7cfba20

  • SHA256

    19fe353890bf2f29fea3a4f2d200b64643703d3294e614d7af25cdfb94317efd

  • SHA512

    529d65252db648c8c08d52b7328da3e99fefe01a05ab14e8ed19a7a893a1efa4543425b04dbefc2c414579db87470d7dff2026821a3efd5bd05b2fc6412bee2b

  • SSDEEP

    12288:weTBslq08I3L92xhqmqUVWFxjPC/jxEnU2vMQsK:5tI3L9WqdjPy67j

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

top115

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      JaffaCakes118_19fe353890bf2f29fea3a4f2d200b64643703d3294e614d7af25cdfb94317efd

    • Size

      756KB

    • MD5

      c1d19d7f157f460da1d923c2db826ad3

    • SHA1

      a00891869f23a3f4d343f7316530171df7cfba20

    • SHA256

      19fe353890bf2f29fea3a4f2d200b64643703d3294e614d7af25cdfb94317efd

    • SHA512

      529d65252db648c8c08d52b7328da3e99fefe01a05ab14e8ed19a7a893a1efa4543425b04dbefc2c414579db87470d7dff2026821a3efd5bd05b2fc6412bee2b

    • SSDEEP

      12288:weTBslq08I3L92xhqmqUVWFxjPC/jxEnU2vMQsK:5tI3L9WqdjPy67j

MITRE ATT&CK Enterprise v15

Tasks