printabledocx

General

Target: printabledocx
Size: 293KB
Sample: 201029-vsztnfplge
Score: 10/10
MD5: cbfb455108f9b2d783a66a6f9793352d
SHA1: 7237c3b785c03e1d24ab64464b1c0ce00ef1a4bc
SHA256: 210cddde479e8b524014a9bacf95299bc7287e342ee49a25d1eead62a6de3ce4
SHA512: 1c7fed8a955d1747e824195fb7b13c5470ffded3c88714e6bd8512193f7042f7ca1ec7688d7b079a1a2148a20e01ed5b543b9abcf5b5aceb109410a94aa20315

Malware Config

Extracted

Family: trickbot
Version: 1000513
Botnet: chil103
C2:


Attributes:

  • autorun (Name: pwgrab)
  • ecc_pubkey.base64
Signatures

  • Trickbot

    Description: Developed in 2016, TrickBot is one of the more recent banking Trojans.

  • Templ.dll packer

    Description: Detects the Templ.dll packer, which usually loads Trickbot.

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10