trickbot

General

Target

84c278c9ac112f94b324e0f99a6dce7746f17eb60688df88d3fa7d72e4a0f558.zip
Size

253KB
Sample

201104-lc4ynlwx1s
MD5

8b0aa7ae399a42339f8d29e3386c9f99
SHA1

0d0b217341ffe27e30ed1b7950550d6d8700c894
SHA256

9a7b811aff67ed3aca54a34df7ba6030bf06a3c65db603bc8f8cde338ef1dec7
SHA512

40e2592b6b4b7959c6fdf277b7e230ca0381c53ac30c0abbf1f040b0b25a4f77d63b41c4e78e47e1fe9fd6450c72eb0f61d44ac0ba1e6e910819044942df540c

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000084

Botnet

kas82

C2

187.188.162.150:449

185.28.63.109:449

83.0.245.234:449

213.241.29.89:449

62.109.31.123:443

92.63.106.191:443

92.63.107.14:443

82.146.62.66:443

92.63.107.222:443

92.63.104.211:443

62.109.25.3:443

188.120.241.27:443

179.43.160.41:443

185.158.114.143:443

179.43.147.220:443

92.53.67.7:443

78.155.206.172:443

62.109.27.155:443

62.109.26.208:443

37.230.113.231:443

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll

ecc_pubkey.base64

Targets

- Target
  
  84c278c9ac112f94b324e0f99a6dce7746f17eb60688df88d3fa7d72e4a0f558
- Size
  
  435KB
- MD5
  
  06e67970894da9ae379becfa19c0ef64
- SHA1
  
  fdbfaa1a2d407dbb1e4535fe98882a0e626327d6
- SHA256
  
  84c278c9ac112f94b324e0f99a6dce7746f17eb60688df88d3fa7d72e4a0f558
- SHA512
  
  c5d81c8144acbda22d83acd3eb2bc588a83c2463c5ec9b04bfb4205983f72bf0414cdaca45872c887ac7a37c4731a1e3c190828eae237dfe7d445e465fcd3137
Score

10^/10

trickbot kas82 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2