General

  • Target

    JaffaCakes118_f21ef9bcf5ab5303828e25ce7f18a7a4e6ea4e22b948c428ce8d87765fe8df4d

  • Size

    231KB

  • Sample

    241230-d2y99swrdr

  • MD5

    aeeb7823ed77fd725b495b4b48cebe5a

  • SHA1

    5505e698fd9785f5c33c13a37a02140182f61728

  • SHA256

    f21ef9bcf5ab5303828e25ce7f18a7a4e6ea4e22b948c428ce8d87765fe8df4d

  • SHA512

    69fb7c87fe798f3c2dd5e62c681599931c7196adb28037ef464b5d0199aeeb4efd07b9086082a771c9832d69f9e93e97fdd89a65a4fbc66898c5306736083202

  • SSDEEP

    6144:QZ4PV5WBFQUGkv3u+k/CNSIFZ88w8Ugwb8twoSJFuRs1:YUcFJrk8SIg8w+tJSnr

Malware Config

Extracted

Family

trickbot

Version

1000514

Botnet

ono76

C2

51.89.163.40:443

89.223.126.186:443

45.67.231.68:443

148.251.185.165:443

194.87.110.144:443

213.32.84.27:443

185.234.72.35:443

45.89.125.148:443

195.123.240.104:443

185.99.2.243:443

5.182.211.223:443

195.123.240.113:443

85.204.116.173:443

5.152.210.188:443

103.36.48.103:449

36.94.33.102:449

36.91.87.227:449

177.190.69.162:449

103.76.169.213:449

179.97.246.23:449

Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      fdfb6706e3f056404da1928a1a8dc3bce4ab4b8473f49e1c246b4ab2edc69ad4.dll

    • Size

      304KB

    • MD5

      0828f63b9396fead9231cae937694a37

    • SHA1

      66f370b3a1dcfb9c87a31b35d2c0951a3b1612f8

    • SHA256

      fdfb6706e3f056404da1928a1a8dc3bce4ab4b8473f49e1c246b4ab2edc69ad4

    • SHA512

      dc34118892dfb58d22e888818b06c3f67307261238fb96eb9d75a2a2d88e761c07295cb6706a6783795d8365251bed83e91f1631cc86ca8ae16113156c561256

    • SSDEEP

      3072:Uz/9xlxG5uQ5qPfKUwUS6pRBdHQwlaAwgQegMjA3k30qSeLZerTCC0NBSNka9Jvo:2NG51UrS6pRBdwwlaDe3EqSedAWU2as

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

MITRE ATT&CK Enterprise v15

Tasks