Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New version of Trickbot not parsing config #57

Closed
enzok opened this issue Jul 10, 2018 · 4 comments
Closed

New version of Trickbot not parsing config #57

enzok opened this issue Jul 10, 2018 · 4 comments

Comments

@enzok
Copy link
Contributor

enzok commented Jul 10, 2018

The latest Trickbot samples are giving the following error:

CAPE: malwareconfig parsing error with TrickBot: not well-formed (invalid token): line 1, column 0

I haven't had the time to look into the samples manually to see what may have changed.

Here's some of the sample MD5s:
d2d7a0384f6a5e4e7a2eb59a5f4488da
9979eb8a5e2c4fd32938497e6d4f896b
@cy83rs30rd
Copy link

Additional hash if needed MD5:
74480875ef3e22fe33a912b9d0ec2db1

@kevoreilly
Copy link
Contributor

This should now be fixed - thanks for the hashes.

https://cape.contextis.com/analysis/16308
https://cape.contextis.com/analysis/16312

@cy83rs30rd
Copy link

Awesome work, thanks.

@enzok
Copy link
Contributor Author

enzok commented Aug 30, 2018

Nice work. I'll go ahead and close this one out.

@enzok enzok closed this as completed Aug 30, 2018
kevoreilly added a commit that referenced this issue Aug 22, 2019
@kevoreilly
Merge pull request #57 from kevross33/patch-58
5c0691c 
Update disables Windows Defender sig
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@enzok @kevoreilly @cy83rs30rd