trickbot

General

Target

4f942d354bd7566e25aacd6a19f611a6354eca07a3a967ce635403af7f783195
Size

332KB
Sample

201115-fmt2s4595x
MD5

7bd08efc09ecaf60aa0d8e9ef6980883
SHA1

a39464725da9b41eaf297fbedfa12fa4316bbdd5
SHA256

4f942d354bd7566e25aacd6a19f611a6354eca07a3a967ce635403af7f783195
SHA512

f0b62f1e815467fd7fe952c784b0e92e4807550b88369fb8b8f6acdc74e9b0e283df05fca360989bddab14b8812bc340bcd08b37e862453c7c75441569853299

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000511

Botnet

lib724

C2

5.182.211.215:443

144.91.76.208:443

185.99.2.57:443

134.119.191.38:443

195.123.238.17:443

95.171.16.42:443

85.204.116.238:443

185.234.72.242:443

178.157.82.227:443

185.90.61.9:443

45.148.120.205:443

85.204.116.241:443

5.1.81.68:443

51.81.112.191:443

23.239.84.138:443

194.5.250.180:443

194.87.93.114:443

190.214.13.2:449

181.129.104.139:449

181.112.157.42:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  4f942d354bd7566e25aacd6a19f611a6354eca07a3a967ce635403af7f783195
- Size
  
  332KB
- MD5
  
  7bd08efc09ecaf60aa0d8e9ef6980883
- SHA1
  
  a39464725da9b41eaf297fbedfa12fa4316bbdd5
- SHA256
  
  4f942d354bd7566e25aacd6a19f611a6354eca07a3a967ce635403af7f783195
- SHA512
  
  f0b62f1e815467fd7fe952c784b0e92e4807550b88369fb8b8f6acdc74e9b0e283df05fca360989bddab14b8812bc340bcd08b37e862453c7c75441569853299
Score

10^/10

trickbot lib724 banker dave trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Dave packer
  Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.
  dave
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dave packer

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2