trickbot

General

Target

88c5b16647bf14ec1979b7ddbe1b8f098c8a79dc3694f9a21ce3778d0a6cb3b8
Size

360KB
Sample

200218-3yy25s5wm2
MD5

a09c86f85f7f15a6c966d762aa1b3652
SHA1

204dbe7d06a1025e6eed049bd70a3bece2d2bcd7
SHA256

88c5b16647bf14ec1979b7ddbe1b8f098c8a79dc3694f9a21ce3778d0a6cb3b8
SHA512

f5c398a7fd0e00e8036b0a7efe8e1f75987fef4039ce622ffb1f8e9cdfb8fa11f274471a4b669dee771a66bb9c3ca07dde2e941a5106ed0e8490f05919eefe22

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000497

Botnet

jim666

C2

5.182.210.226:443

5.182.210.246:443

82.146.62.52:443

198.8.91.10:443

195.123.221.53:443

51.89.115.116:443

164.68.120.56:443

85.204.116.237:443

5.2.75.167:443

93.189.42.146:443

185.252.144.174:443

81.177.165.145:443

217.107.34.151:443

146.185.219.165:443

194.87.238.87:443

146.185.253.18:443

194.5.250.155:443

195.123.216.223:443

185.99.2.160:443

5.182.210.230:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  88c5b16647bf14ec1979b7ddbe1b8f098c8a79dc3694f9a21ce3778d0a6cb3b8
- Size
  
  360KB
- MD5
  
  a09c86f85f7f15a6c966d762aa1b3652
- SHA1
  
  204dbe7d06a1025e6eed049bd70a3bece2d2bcd7
- SHA256
  
  88c5b16647bf14ec1979b7ddbe1b8f098c8a79dc3694f9a21ce3778d0a6cb3b8
- SHA512
  
  f5c398a7fd0e00e8036b0a7efe8e1f75987fef4039ce622ffb1f8e9cdfb8fa11f274471a4b669dee771a66bb9c3ca07dde2e941a5106ed0e8490f05919eefe22
Score

10^/10

trickbot jim666 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2