General

  • Target

    JaffaCakes118_761fac32da82785fd7b74b20bd1153a6327e481f386a3b9bbc949490bc25af64

  • Size

    663KB

  • Sample

    241230-wcvjws1qem

  • MD5

    07ea09d1015b4c6428b7a7969e8deb4f

  • SHA1

    77f8e87c8a97236379aa73df66b06cd7b74dd382

  • SHA256

    761fac32da82785fd7b74b20bd1153a6327e481f386a3b9bbc949490bc25af64

  • SHA512

    b1cca951d29e3890d63b05313b54ab1174fe6d39b779fa8c892a0414e3b8e01c7e1ac51643c62cb09d065e4e09a2f81c3bb4560ae35a898ef7deb79cf70a4031

  • SSDEEP

    12288:IyjfdBQFNt+b02xSitftI/wLkPIawp6beLw04dBmTU9MSfl09VMEDX:IQ0+b02zftyIOg4dc5r96EDX

Malware Config

Extracted

Family

trickbot

Version

100011

Botnet

rob57

C2


Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64

Targets

    • Target

      1e749ea17f499e72237981072900998abc755bdcd0286b968d731e241c1a744a.dll

    • Size

      4.4MB

    • MD5

      8fe3bd4d5898f1fd59347f9db14373f8

    • SHA1

      67c0ca68702204af99ffeb0a2b6059fa2d11c61e

    • SHA256

      1e749ea17f499e72237981072900998abc755bdcd0286b968d731e241c1a744a

    • SHA512

      54e7ab67c3148ff17fdc57721d29c77d7bbae24d1298b1b3e4ca62941459ab4f0ddcec37e59693a98f1dabc768e4828dfcecaa13beea4edb65cc321f0ca63a9f

    • SSDEEP

      49152:IGJBADdfU07gXPUwfdgwS5uHCbqRa/ft4udat:+dWE+a/l4oat

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Templ.dll packer

      Detects the Templ.dll packer, which usually loads Trickbot.

MITRE ATT&CK Enterprise v15

Tasks