trickbot

General

Target

cdde7cd544a463e3ff0aad3e81b4cb9b
Size

628KB
Sample

201117-b8q9ep8dda
MD5

7de3134c1fad9d58f6ba45e1ba56fc87
SHA1

6ba596a6f9c79b4cb1e02b297470dea6f7f1102e
SHA256

5c864556e2b7a2796889182b40da14f88dbf47029e2304b40615d1db8d95c731
SHA512

2d37a80a361231f2d4d0181995e16a94613a8e7c8ed4b66540f37a8a6156bafcc54371cf14b5fed28eec5a13c7b76aa7c9a3f97a6a208e768778200fbd7fa52f

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000491

Botnet

tot635

C2

23.94.70.12:443

5.182.210.132:443

5.2.75.137:443

172.82.152.136:443

198.23.252.117:443

194.5.250.62:443

185.14.30.176:443

195.123.245.127:443

195.54.162.179:443

184.164.137.190:443

198.46.161.213:443

64.44.51.106:443

107.172.251.159:443

85.143.220.41:443

107.172.29.108:443

107.172.208.51:443

107.181.187.221:443

190.214.13.2:449

181.140.173.186:449

181.129.104.139:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  cdde7cd544a463e3ff0aad3e81b4cb9b
- Size
  
  628KB
- MD5
  
  7de3134c1fad9d58f6ba45e1ba56fc87
- SHA1
  
  6ba596a6f9c79b4cb1e02b297470dea6f7f1102e
- SHA256
  
  5c864556e2b7a2796889182b40da14f88dbf47029e2304b40615d1db8d95c731
- SHA512
  
  2d37a80a361231f2d4d0181995e16a94613a8e7c8ed4b66540f37a8a6156bafcc54371cf14b5fed28eec5a13c7b76aa7c9a3f97a6a208e768778200fbd7fa52f
Score

10^/10

trickbot tot635 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2