trickbot

Resubmissions

10-11-2020 14:09

201110-j4kq1f84yn 10

10-11-2020 13:52

201110-tjb64jlajj 10

10-11-2020 13:37

201110-ad9dyxzvqj 8

10-11-2020 13:27

201110-kb2vhm8a22 8

Sharing

Copy URL

Twitter E-mail

General

Target

Document_11_9.doc
Size

1.2MB
Sample

201110-tjb64jlajj
MD5

bc0cc1e707b236fbd5cf9b27ff3c9461
SHA1

8b4c8c22c4b14dd5d9d6cc4975bf6f2af208e924
SHA256

dd3f16d98fa14d7e5fb83b3917ff3a42a5cf74356c4ec46391b608b20355d5fe
SHA512

df8bdce95f04ebf58112c994fc79792a76722f1ef7af5364994b1e46dafb517e9cc320a260a11b2336959a883c7d349bdd068f6bdcf01a83bd6e8ce964988688

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100001

Botnet

tar2

66.85.183.5:443

185.163.47.157:443

94.140.115.99:443

195.123.240.40:443

195.123.241.226:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  Document_11_9.doc
- Size
  
  1.2MB
- MD5
  
  bc0cc1e707b236fbd5cf9b27ff3c9461
- SHA1
  
  8b4c8c22c4b14dd5d9d6cc4975bf6f2af208e924
- SHA256
  
  dd3f16d98fa14d7e5fb83b3917ff3a42a5cf74356c4ec46391b608b20355d5fe
- SHA512
  
  df8bdce95f04ebf58112c994fc79792a76722f1ef7af5364994b1e46dafb517e9cc320a260a11b2336959a883c7d349bdd068f6bdcf01a83bd6e8ce964988688
Score

10^/10

trickbot tar2 banker trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Executes dropped EXE

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2