trickbot | JaffaCakes118_7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8

General

Target

JaffaCakes118_7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8
Size

138KB
MD5

f3dcd3a18208a98d4b4f25a47f6df344
SHA1

3ced50ff1d6aae794bd853914ec6f58db08aa876
SHA256

7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8
SHA512

7985059bbbbc200c17674a7039cc5043acebad4f64fa135a9356b1603d414117e496fd11de47264bb2fa3789f8b2ba94fba47e9c5b954b7474b00b98ed7b8d46
SSDEEP

3072:TNpLkbQROlFBRcEfgBSLwU4MSxTl6y38FQpHs1:J1ksROfc8gBSLz459ln+

Score

10^/10

mon27 trickbot

Malware Config

Extracted

Family

trickbot

Version

100007

Botnet

mon27

C2

41.243.29.182:449

196.45.140.146:449

103.87.25.220:443

103.98.129.222:449

103.87.25.220:449

103.65.196.44:449

103.65.195.95:449

103.61.101.11:449

103.61.100.131:449

103.150.68.124:449

103.137.81.206:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.48:449

102.164.208.44:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Signatures

Trickbot family
trickbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8

Files

JaffaCakes118_7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 126KB - Virtual size: 126KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 126KB - Virtual size: 126KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB