Overview

overview

10

Static

static

10

JaffaCakes...e8.exe

windows7-x64

3

JaffaCakes...e8.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8

  • Size

    138KB

  • Sample

    241227-bmc3daxnfw

  • MD5

    f3dcd3a18208a98d4b4f25a47f6df344

  • SHA1

    3ced50ff1d6aae794bd853914ec6f58db08aa876

  • SHA256

    7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8

  • SHA512

    7985059bbbbc200c17674a7039cc5043acebad4f64fa135a9356b1603d414117e496fd11de47264bb2fa3789f8b2ba94fba47e9c5b954b7474b00b98ed7b8d46

  • SSDEEP

    3072:TNpLkbQROlFBRcEfgBSLwU4MSxTl6y38FQpHs1:J1ksROfc8gBSLz459ln+

Score
10/10
trickbotmon27discovery

Malware Config

Extracted

Family

trickbot

Version

100007

Botnet

mon27

C2

41.243.29.182:449

196.45.140.146:449

103.87.25.220:443

103.98.129.222:449

103.87.25.220:449

103.65.196.44:449

103.65.195.95:449

103.61.101.11:449

103.61.100.131:449

103.150.68.124:449

103.137.81.206:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.48:449

102.164.208.44:449
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      JaffaCakes118_7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8

    • Size

      138KB

    • MD5

      f3dcd3a18208a98d4b4f25a47f6df344

    • SHA1

      3ced50ff1d6aae794bd853914ec6f58db08aa876

    • SHA256

      7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8

    • SHA512

      7985059bbbbc200c17674a7039cc5043acebad4f64fa135a9356b1603d414117e496fd11de47264bb2fa3789f8b2ba94fba47e9c5b954b7474b00b98ed7b8d46

    • SSDEEP

      3072:TNpLkbQROlFBRcEfgBSLwU4MSxTl6y38FQpHs1:J1ksROfc8gBSLz459ln+

    Score
    3/10
    discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks