General

  • Target

    JaffaCakes118_ca39ebe6bcb79ad7858670edc809f8ff276aa1a6fd2c2468600f4f0873490f6f

  • Size

    2.2MB

  • Sample

    241225-w2w41s1rhz

  • MD5

    5a80217363a3c4f33ee6eb887732238b

  • SHA1

    7361ab953bbf13afa76f946e3a2f3a906936aae5

  • SHA256

    ca39ebe6bcb79ad7858670edc809f8ff276aa1a6fd2c2468600f4f0873490f6f

  • SHA512

    e59ba3a3dd6e47f2d250d540e9a671e757ff50818768431f8e61167c00409ef0675ba20f6a866368b0c0a12e74ac283758eb8ad5f7da2de7d284af10aa9974ea

  • SSDEEP

    6144:Zo0gTwr/cG3J8Wt/s1XGxfSCkq/vWc3Wh0lxPIerqzg:ZoidiofStL

Malware Config

Extracted

Family

trickbot

Version

100021

Botnet

rob142

C2


Attributes
  • autorun

ecc_pubkey.base64
1
RUNTMzAAAABbfmkJRvwyw7iFkX40hL2HwsUeOSZZZo0FRRWGkY6J1+gf3YKq13Ee4sY3Jb9/0myCr0MwzNK1K2l5yuY87nW29Q/yjMJG0ISDj0HNBC3G+ZGta6Oi9QkjCwnNGbw2hQ4=


MITRE ATT&CK Enterprise v15

Tasks
