trickbot | c98b7b275bf404b2e20641f7802e686e8a64b7aa72e1ec0152cf03667daea2be | Triage

Sharing

General

Target

e21f86a0329f9fca7eb0492f22d76125
Size

600KB
Sample

201117-5htrw7hdq2
MD5

5e138a79931adc0c76b0b6ae46d90433
SHA1

7c9ff4a71756b6d8329183294669aabab59195ee
SHA256

c98b7b275bf404b2e20641f7802e686e8a64b7aa72e1ec0152cf03667daea2be
SHA512

847ea4913bf8e1fe99a5f5b5a74d84d0ff15580a7dfab3db8daf2ff3b779e5ba275a1d57cecb65de51a50c3384c493018bb6cf8e0c732b2d1f6690c9e16062dd

Score

10^/10

trickbot lib7 banker trojan

Malware Config

Extracted

Family

trickbot

Version

2000016

Botnet

lib7

C2

202.136.89.226:449

202.169.244.252:449

203.176.135.38:449

212.3.104.50:449

41.203.215.122:449

41.41.179.239:449

43.239.152.240:449

43.242.141.59:449

43.245.216.190:449

43.255.113.180:449

45.230.8.34:449

45.233.25.6:449

78.138.128.20:449

49.156.41.74:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  e21f86a0329f9fca7eb0492f22d76125
- Size
  
  600KB
- MD5
  
  5e138a79931adc0c76b0b6ae46d90433
- SHA1
  
  7c9ff4a71756b6d8329183294669aabab59195ee
- SHA256
  
  c98b7b275bf404b2e20641f7802e686e8a64b7aa72e1ec0152cf03667daea2be
- SHA512
  
  847ea4913bf8e1fe99a5f5b5a74d84d0ff15580a7dfab3db8daf2ff3b779e5ba275a1d57cecb65de51a50c3384c493018bb6cf8e0c732b2d1f6690c9e16062dd
Score

10^/10

trickbot lib7 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotlib7bankertrojan

behavioral2

trickbotlib7bankertrojan