General

  • Target

    JaffaCakes118_c2c3bb003eb76cc5f1a9e2bc938c4254f4c4c3b2cc017e9a39d00a88f7ab181a

  • Size

    272KB

  • Sample

    241230-yvtreswpgp

  • MD5

    5f7b5a98f75f4aa550e4368eb6dc9733

  • SHA1

    d835a309e249f5d526529b9a28ed138b1bcfd40b

  • SHA256

    c2c3bb003eb76cc5f1a9e2bc938c4254f4c4c3b2cc017e9a39d00a88f7ab181a

  • SHA512

    167e5e1af1c82b9379d4a275f77b373969c0655d0b4f6ea32942d70f18b1147e65ef525e8f8f2d3d27c0ebf914785ce7b15e7808c3ca1700983bbc9eb318ebac

  • SSDEEP

    6144:NJOlVjZdMjbYSgm0NBxHC6IA0YSalwbQOQLIrY:bOl1wjk3meBxX0YSaAQTS

Malware Config

Extracted

Family

trickbot

Version

100003

Botnet

rob7

C2

102.164.206.129:449

103.131.156.21:449

103.131.157.102:449

103.131.157.161:449

103.146.232.5:449

103.150.68.124:449

103.156.126.232:449

103.30.85.157:449

103.52.47.20:449

Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      JaffaCakes118_c2c3bb003eb76cc5f1a9e2bc938c4254f4c4c3b2cc017e9a39d00a88f7ab181a

    • Size

      272KB

    • MD5

      5f7b5a98f75f4aa550e4368eb6dc9733

    • SHA1

      d835a309e249f5d526529b9a28ed138b1bcfd40b

    • SHA256

      c2c3bb003eb76cc5f1a9e2bc938c4254f4c4c3b2cc017e9a39d00a88f7ab181a

    • SHA512

      167e5e1af1c82b9379d4a275f77b373969c0655d0b4f6ea32942d70f18b1147e65ef525e8f8f2d3d27c0ebf914785ce7b15e7808c3ca1700983bbc9eb318ebac

    • SSDEEP

      6144:NJOlVjZdMjbYSgm0NBxHC6IA0YSalwbQOQLIrY:bOl1wjk3meBxX0YSaAQTS

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

MITRE ATT&CK Enterprise v15

Tasks