trickbot

Resubmissions

30-09-2020 12:20

200930-fqzwdyegw6 10

08-01-2020 13:21

200108-n88n1jlvsn 10

Sharing

Copy URL

Twitter E-mail

General

Target

hddput8.exe
Size

296KB
Sample

200930-fqzwdyegw6
MD5

abaab50d38473aada7ad4d92dea9ac37
SHA1

46b486cc93aa214017372587ef9ca1c48c51fb4b
SHA256

cfd98c1ee7ab19a63b31bcb6be133e6b61ce723f94a8f91741983bf79b4d1158
SHA512

53383f5a83d5ec7bef7b8cb335b93898e23aabacc962db7976d3de3258d3beae2c19de91be55a94fc20b7d6e4dac3bf8e64f1f522cbad937bdab99300cdb3750

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000494

Botnet

red1

195.123.220.178:443

198.23.209.201:443

188.165.62.34:443

164.68.120.60:443

146.185.253.191:443

185.213.20.246:443

45.137.151.198:443

185.141.27.190:443

51.89.115.124:443

188.120.254.68:443

78.24.223.88:443

185.177.59.163:443

5.182.210.109:443

5.2.70.145:443

172.82.152.11:443

190.214.13.2:449

181.140.173.186:449

181.129.104.139:449

181.113.28.146:449

181.112.157.42:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  hddput8.exe
- Size
  
  296KB
- MD5
  
  abaab50d38473aada7ad4d92dea9ac37
- SHA1
  
  46b486cc93aa214017372587ef9ca1c48c51fb4b
- SHA256
  
  cfd98c1ee7ab19a63b31bcb6be133e6b61ce723f94a8f91741983bf79b4d1158
- SHA512
  
  53383f5a83d5ec7bef7b8cb335b93898e23aabacc962db7976d3de3258d3beae2c19de91be55a94fc20b7d6e4dac3bf8e64f1f522cbad937bdab99300cdb3750
Score

10^/10

trojan banker trickbot
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2