General

  • Target

    JaffaCakes118_dec0aa9999b5b92e1d80e34f06ff58e381179fd8abc8b54936abc69289dde67f

  • Size

    452KB

  • Sample

    241223-va526svphl

  • MD5

    abacf1d6a35fc38c9691ff03a75aff97

  • SHA1

    7ba48ca69fb567b9262fc3b9661e1e7971ab38c6

  • SHA256

    dec0aa9999b5b92e1d80e34f06ff58e381179fd8abc8b54936abc69289dde67f

  • SHA512

    418a9a43c50ceab2dafaf1a70c6a82bc98cda222a2962b837a2462ec10c42982517bc2163e1fe5b7fd21e86cc3f35d83ce4545a208d41b733dbb59ae525e155d

  • SSDEEP

    12288:b9roc4eh/BZF7vVNZSKPk2nP+HT1bjGfCp/pGbUV4:b9rNnBZF79PPn2z1aCKwO

Malware Config

Extracted

Family

trickbot

Version

100018

Botnet

sat2

C2

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      bb67713cb5733d091111f34dfde3a1723507b9f6ffe38257996bb0c906a677f3

    • Size

      640KB

    • MD5

      c3a9b7357e462c207a4b64ea8ba2ecf0

    • SHA1

      9fc3b2e8c963730f7c28427c3eb94aabe0001481

    • SHA256

      bb67713cb5733d091111f34dfde3a1723507b9f6ffe38257996bb0c906a677f3

    • SHA512

      4f9e54a6fe769bbe9cb292afa7cf1f70478a0e3f0b73dd5867edd7cd97d9653d2f8127461f2372c083c70c4b4e5293b561a65c38cc0cdb66422e31644e0c8f35

    • SSDEEP

      12288:mp7J/EbHidy3vZ86lhXo0vCR2f9IwKsOuoWyae8sOTT/Fe:mp7NEudy3BhoIupac8sOTT/Fe
