Analysis

  • max time kernel
    126s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    14-11-2020 08:51

General

  • Target

    Froggies.exe

  • Size

    404KB

  • MD5

    c99e8ea05346c198782e4c66f01d7c10

  • SHA1

    2ec006693189d6d9f9e1d1d0a244ea7086c83641

  • SHA256

    bfa088b1ea61efa003343b09a536eaffa12bc90fb612f8ebcb8182785bb6eb16

  • SHA512

    7c4137c51c5ae5bf45c43d5c0685075d96e674115534735df1407e2326d9f07ff5992f28d5c09b10497b90ff9fc6fe5ec624495ee077455067f23934c6f998d3

Malware Config

Extracted

Family

trickbot

Version

100002

Botnet

fra1

C2

  • 195.123.240.138:443
  • 162.212.158.129:443
  • 144.172.64.26:443
  • 62.108.37.145:443
  • 91.200.103.193:443
  • 194.5.249.195:443
  • 195.123.240.18:443

Attributes

  • autorun
    Name: pwgrab
  • ecc_pubkey.base64

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Froggies.exe
    "C:\Users\Admin\AppData\Local\Temp\Froggies.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1092
      • C:\Windows\system32\wermgr.exe
        C:\Windows\system32\wermgr.exe
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:912

Network

MITRE ATT&CK Matrix

Downloads

  • memory/912-4-0x0000000000000000-mapping.dmp
  • memory/1092-2-0x0000000000000000-mapping.dmp
  • memory/1808-3-0x0000000002360000-0x000000000239A000-memory.dmp
    Filesize
    232KB
  • memory/1808-5-0x00000000024C0000-0x00000000024C4000-memory.dmp
    Filesize
    16KB
  • memory/1808-6-0x00000000025E0000-0x00000000025E4000-memory.dmp
    Filesize
    16KB