trickbot

General

Target

198e096f68254a4adf6ec7cbd3d6a1d34accf1e19fdee50f58cab81bbc1b9e86.zip
Size

239KB
Sample

201104-6fqg9qvbya
MD5

37c12c69fecd2693c1790374f04e2fb6
SHA1

0ec7d3549de51f35de59b4c4d9a1cc05abe7bd6a
SHA256

239fd6381b7eca858d7592b51db77e2d855b2e2c453d167ce6d27a6659e763f3
SHA512

3356754cd9e974ff18be814b7345caa8e0f04b8ee54489dbfd95657880b717b9636c1ac6c32777d3770355187545705cd3e6510492dad25bb7ce9da4a3c5e7cc

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000085

Botnet

kas83

C2

187.188.162.150:449

185.28.63.109:449

83.0.245.234:449

213.241.29.89:449

62.109.31.123:443

92.63.107.14:443

92.63.107.222:443

92.63.104.211:443

62.109.25.3:443

62.109.26.208:443

37.230.113.231:443

149.154.69.126:443

95.213.191.144:443

82.202.226.229:443

37.230.113.249:443

149.154.69.129:443

185.158.114.72:443

179.43.160.50:443

94.250.254.22:443

149.154.70.248:443

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll

ecc_pubkey.base64

Targets

- Target
  
  198e096f68254a4adf6ec7cbd3d6a1d34accf1e19fdee50f58cab81bbc1b9e86
- Size
  
  447KB
- MD5
  
  4f959e2a1958c2020043c2399f4c2987
- SHA1
  
  2b61b10ec489733e66250fc13a7ff38ee5d31bc1
- SHA256
  
  198e096f68254a4adf6ec7cbd3d6a1d34accf1e19fdee50f58cab81bbc1b9e86
- SHA512
  
  7cf93ecbabdb2a66786c709345e509c1a30beee41d466f7ff8cd3a77c0102b4046b8be482cba87e4fb0c64e8c7830b5e95f3bedb46dd094f539f281eca8e90fd
Score

10^/10

trickbot kas83 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2