Overview

overview

10

Static

static

52da51085e...29.exe

windows7_x64

10

52da51085e...29.exe

windows10_x64

10

Resubmissions

10-11-2020 01:13

201110-43542766za 10

09-11-2020 21:24

201109-1h2689rg6n 10

09-11-2020 21:17

201109-txtk4hb582 10

Analysis

  • max time kernel
    83s
  • max time network
    111s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-11-2020 21:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    52da51085e5c6d650abf866b1268ccd81d6c0b2c424e12807dc0ac176ac8c929.exe

  • Size

    660KB

  • MD5

    3ba7d3dbc17ce640e0bb3dd5f989169b

  • SHA1

    84ee0b6e02339f1deb33d75693551db444923ba8

  • SHA256

    52da51085e5c6d650abf866b1268ccd81d6c0b2c424e12807dc0ac176ac8c929

  • SHA512

    3a683b35dc6b6c17de5a21171625c3fb5259d60c73867aa81b89cedeef61f1b95cce099cc5bb4fdeb2ddf7f2f0236c6d877970768a7f91330ecfbbc38931a231

Score
10/10
trickbottar2bankertrojan

Malware Config

Extracted

Family

trickbot

Version

100001

Botnet

tar2

C2

66.85.183.5:443

185.163.47.157:443

94.140.115.99:443

195.123.240.40:443

195.123.241.226:443
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\52da51085e5c6d650abf866b1268ccd81d6c0b2c424e12807dc0ac176ac8c929.exe
    "C:\Users\Admin\AppData\Local\Temp\52da51085e5c6d650abf866b1268ccd81d6c0b2c424e12807dc0ac176ac8c929.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:980
    • C:\Windows\system32\wermgr.exe
      C:\Windows\system32\wermgr.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/980-0-0x0000000003AD0000-0x0000000003B0E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/980-1-0x0000000003B10000-0x0000000003B4A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2660-2-0x0000000000000000-mapping.dmp

    Download