trickbot | b4ad3c9c795d3d07eed4af3d337662a974e64315bb7edde82b6df25f4c09b32b | Triage

Sharing

General

Target

b4ad3c9c795d3d07eed4af3d337662a974e64315bb7edde82b6df25f4c09b32b
Size

1.2MB
Sample

201113-k3qtl15b3x
MD5

46a07ec480cd011dae44a527b478cce4
SHA1

21d83628819edcded2ca949c8c886526594847cd
SHA256

b4ad3c9c795d3d07eed4af3d337662a974e64315bb7edde82b6df25f4c09b32b
SHA512

ca1bce0427b4531f2d3960a49f734bbc61014627fac912a780b43d40b9db45c76801337d0086a1da464622aa05a6cc25e07c15bbef418826d40b78e6679e1e64

Score

10^/10

trickbot tar2 banker trojan

Malware Config

Extracted

Family

trickbot

Version

100001

Botnet

tar2

C2

66.85.183.5:443

185.163.47.157:443

94.140.115.99:443

195.123.240.40:443

195.123.241.226:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  b4ad3c9c795d3d07eed4af3d337662a974e64315bb7edde82b6df25f4c09b32b
- Size
  
  1.2MB
- MD5
  
  46a07ec480cd011dae44a527b478cce4
- SHA1
  
  21d83628819edcded2ca949c8c886526594847cd
- SHA256
  
  b4ad3c9c795d3d07eed4af3d337662a974e64315bb7edde82b6df25f4c09b32b
- SHA512
  
  ca1bce0427b4531f2d3960a49f734bbc61014627fac912a780b43d40b9db45c76801337d0086a1da464622aa05a6cc25e07c15bbef418826d40b78e6679e1e64
Score

10^/10

trickbot tar2 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trickbottar2bankertrojan

behavioral2

trickbottar2bankertrojan