Resubmissions

07-10-2020 05:38

201007-meaceze37e 10

07-10-2020 05:01

201007-52y7t2889j 8

General

  • Target

    asdodnj1119505.doc

  • Size

    1.1MB

  • Sample

    201007-meaceze37e

  • MD5

    c4dc25fdbdc0b722de6cb190e08757ce

  • SHA1

    d52e95b887badf0081d66965913555a0b59f00e9

  • SHA256

    5e84efe4d51ed6e3de4aca32ec599edaf9fd1a2ff1a45dae5d471a53fd121e3e

  • SHA512

    7fe15ed619e2957ba3563c05c807e673f9927e1a4324c95114aca04dd30e1fc1dfb18a55a3840278b7ef1fe5346b242e6875c2228344302c51c3398c211c9a48

Malware Config

Extracted

Family

trickbot

Version

2000010

Botnet

ono78

C2


Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks