Analysis
-
max time kernel
1786s -
max time network
1791s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
10-11-2020 23:00
General
-
Target
f2b59fd4fb474f8faa420984fb13915375cc8d01e19995ec9c70017194e597be.exe
-
Size
131KB
-
MD5
45f3d3c3facfcd44e305e6217bea7cd7
-
SHA1
cde2412d5c5b9541fed45254dd64d295635db403
-
SHA256
f2b59fd4fb474f8faa420984fb13915375cc8d01e19995ec9c70017194e597be
-
SHA512
bd098649689d2a50b798989f7b9b9d449f9a7fafa9b2db472be5c3b8bdb81c15b5f0620494b41f65c576bed1665c0665b932aaecac047fe857cd08cd3b2da4ae
Score
10/10
Malware Config
Extracted
Family
trickbot
Version
100001
Botnet
tar2
C2
66.85.183.5:443
185.163.47.157:443
94.140.115.99:443
195.123.240.40:443
195.123.241.226:443
Attributes
-
autorunName:pwgrab
ecc_pubkey.base64
Signatures
-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2b59fd4fb474f8faa420984fb13915375cc8d01e19995ec9c70017194e597be.exe"C:\Users\Admin\AppData\Local\Temp\f2b59fd4fb474f8faa420984fb13915375cc8d01e19995ec9c70017194e597be.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1080-0-0x0000000000400000-0x0000000000422000-memory.dmpFilesize
136KB