trickbot

General

Target

648cf657cd14439e121887567f1dc9aa
Size

332KB
Sample

201117-wd9whsqn2x
MD5

af0222d56794bcb5bf9da6ecd8dff5b5
SHA1

2d305d8071caffa60acc4a8565c58f2e15c6a397
SHA256

1e193385fa315c3c554ab94715651e6c080573d60fbd6b16a6dacde14d771ed4
SHA512

7cd991592202a0be840a71cdf52f784d5fe0060ec8ebd4303d12e59676f5ea61886f794638ede2ba4c363f0004273d909ebf89552287528a688e40e7127e5436

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000511

Botnet

lib724

C2

5.182.211.215:443

144.91.76.208:443

185.99.2.57:443

134.119.191.38:443

195.123.238.17:443

95.171.16.42:443

85.204.116.238:443

185.234.72.242:443

178.157.82.227:443

185.90.61.9:443

45.148.120.205:443

85.204.116.241:443

5.1.81.68:443

51.81.112.191:443

23.239.84.138:443

194.5.250.180:443

194.87.93.114:443

190.214.13.2:449

181.129.104.139:449

181.112.157.42:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  648cf657cd14439e121887567f1dc9aa
- Size
  
  332KB
- MD5
  
  af0222d56794bcb5bf9da6ecd8dff5b5
- SHA1
  
  2d305d8071caffa60acc4a8565c58f2e15c6a397
- SHA256
  
  1e193385fa315c3c554ab94715651e6c080573d60fbd6b16a6dacde14d771ed4
- SHA512
  
  7cd991592202a0be840a71cdf52f784d5fe0060ec8ebd4303d12e59676f5ea61886f794638ede2ba4c363f0004273d909ebf89552287528a688e40e7127e5436
Score

10^/10

trickbot lib724 banker dave trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Dave packer
  Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.
  dave
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Dave packer

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2