trickbot

General

Target

DVOBSNDSOG.dll
Size

382KB
Sample

201006-ml429jtxvs
MD5

7c537f7a08f180c10cfe5a64741909b3
SHA1

09a41c9d0aa71a05daf10ef11fd615b6208b5db6
SHA256

c965159b432c96ca529d359e82bf92bf6b5199ff686d6a31c20ab7741c719df2
SHA512

fecb709fa35ff2bd059c0a244900c92b7560b8d12539baee161207824024cfbba15714ef8ce99fe4ad6333038f619d01b399a0d1be533379be8653b14a5460bc

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000010

Botnet

ono78

C2

195.123.239.59:443

85.143.219.36:443

94.250.254.84:443

94.250.255.217:443

212.80.219.98:443

91.210.171.82:443

45.8.230.108:443

194.156.98.172:443

195.2.93.227:443

62.108.35.179:443

91.200.101.192:443

194.5.249.31:443

195.123.241.157:443

104.161.32.10:443

88.150.197.186:443

62.108.35.204:443

45.155.173.196:443

51.89.177.18:443

194.5.249.107:443

195.123.241.182:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  DVOBSNDSOG.dll
- Size
  
  382KB
- MD5
  
  7c537f7a08f180c10cfe5a64741909b3
- SHA1
  
  09a41c9d0aa71a05daf10ef11fd615b6208b5db6
- SHA256
  
  c965159b432c96ca529d359e82bf92bf6b5199ff686d6a31c20ab7741c719df2
- SHA512
  
  fecb709fa35ff2bd059c0a244900c92b7560b8d12539baee161207824024cfbba15714ef8ce99fe4ad6333038f619d01b399a0d1be533379be8653b14a5460bc
Score

10^/10

trojan banker trickbot
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2