trickbot

General

Target

92c49cd55fdca695e13db05e4b1b8eea0587420beca80aad4dd8dd4c402f5e16
Size

360KB
Sample

200218-wr7gzcamhj
MD5

ae63426b87d82a8944dae4dc588599a8
SHA1

0fb0a2f879ce84d50fc2ac5defc7f767155da9f9
SHA256

92c49cd55fdca695e13db05e4b1b8eea0587420beca80aad4dd8dd4c402f5e16
SHA512

4ae1b745438803385b49f06a872bc8332f09d02a872a280422c30f6d78e7e761ff094eee5141b1fba78640b30111e675932ca9f29faf4ce1c7dac89583e8b61c

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000497

Botnet

jim666

C2

5.182.210.226:443

5.182.210.246:443

82.146.62.52:443

198.8.91.10:443

195.123.221.53:443

51.89.115.116:443

164.68.120.56:443

85.204.116.237:443

5.2.75.167:443

93.189.42.146:443

185.252.144.174:443

81.177.165.145:443

217.107.34.151:443

146.185.219.165:443

194.87.238.87:443

146.185.253.18:443

194.5.250.155:443

195.123.216.223:443

185.99.2.160:443

5.182.210.230:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  92c49cd55fdca695e13db05e4b1b8eea0587420beca80aad4dd8dd4c402f5e16
- Size
  
  360KB
- MD5
  
  ae63426b87d82a8944dae4dc588599a8
- SHA1
  
  0fb0a2f879ce84d50fc2ac5defc7f767155da9f9
- SHA256
  
  92c49cd55fdca695e13db05e4b1b8eea0587420beca80aad4dd8dd4c402f5e16
- SHA512
  
  4ae1b745438803385b49f06a872bc8332f09d02a872a280422c30f6d78e7e761ff094eee5141b1fba78640b30111e675932ca9f29faf4ce1c7dac89583e8b61c
Score

10^/10

trickbot jim666 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2