Resubmissions

29/10/2020, 14:11 UTC

201029-vsztnfplge 10

26/08/2020, 13:48 UTC

200826-1klx2ne3mj 3

General

  • Target

    printabledocx

  • Size

    293KB

  • Sample

    201029-vsztnfplge

  • MD5

    cbfb455108f9b2d783a66a6f9793352d

  • SHA1

    7237c3b785c03e1d24ab64464b1c0ce00ef1a4bc

  • SHA256

    210cddde479e8b524014a9bacf95299bc7287e342ee49a25d1eead62a6de3ce4

  • SHA512

    1c7fed8a955d1747e824195fb7b13c5470ffded3c88714e6bd8512193f7042f7ca1ec7688d7b079a1a2148a20e01ed5b543b9abcf5b5aceb109410a94aa20315

Malware Config

Extracted

Family

trickbot

Version

1000513

Botnet

chil103

C2

Attributes
  • autorun
    Name: pwgrab
ecc_pubkey.base64
RUNTMzAAAADzIIbbIE3wcze1+xiwwK+Au/P78UrAO8YAHyPvHEwGVKOPphl8QVfrC7x/QaFYeXANw6E4HF7ietEp+7ZVQdWOx8c+HvO0Z2PTUPVbX9HAVrg4h9u1RNfhOHk+YysDLsg=

Targets

    • Target

      printabledocx

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.
