trickbot

General

Target

7194aa3ef48725220516bc618aec8ab92ddef859de8f584a6a214ed9812e221a.zip
Size

242KB
Sample

201104-ym7sxm8vqn
MD5

97aa2136fcdb39cd97853dc483222c64
SHA1

9d4a376f4421c8b8f6cc4fe9ef3e07f4260834d6
SHA256

161eb4d7ad2f2eae343d0ab382519c81f444e982ccf63324692b417169caf99e
SHA512

619f4b0bcd8568de23f0abe77898fce0d3237ba7bc0bbe49945b0fcf8a336af7ac58f7fd1ac78e527ff1c033174a13df0e964993b5857755af53f3bbf1da3234

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000089

Botnet

kas89

C2

187.188.162.150:449

83.0.245.234:449

149.154.68.252:443

62.109.11.80:443

78.24.218.150:443

92.63.97.68:443

82.146.61.187:443

80.87.199.210:443

82.146.59.149:443

188.120.247.223:443

94.250.250.112:443

149.154.71.95:443

37.230.112.76:443

94.250.250.114:443

95.213.237.223:443

185.228.232.242:443

141.255.167.126:443

5.200.47.90:443

185.158.114.126:443

185.125.46.113:443

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll

ecc_pubkey.base64

Targets

- Target
  
  7194aa3ef48725220516bc618aec8ab92ddef859de8f584a6a214ed9812e221a
- Size
  
  441KB
- MD5
  
  ba722f76070e001e44c82998b66e9009
- SHA1
  
  98136a5f534249449b02528fc0c51be147dca4c8
- SHA256
  
  7194aa3ef48725220516bc618aec8ab92ddef859de8f584a6a214ed9812e221a
- SHA512
  
  1e805401f9166d53012a342bdbd9eba1253d9374af52440616f615d4e3aa2a9996f40398ca9c60e504e17f19029533445c3feca0900ff45339a37630932c6934
Score

10^/10

trickbot kas89 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2