Resubmissions

19-11-2020 12:05

201119-ny4p2fknjj 10

18-11-2020 12:21

201118-rsbgw8lbwn 10

General

  • Target

    fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d350

  • Size

    660KB

  • Sample

    201119-ny4p2fknjj

  • MD5

    b44c5540e020963aca89f3b9a96beb35

  • SHA1

    14a6e46be7863db3090d81a18d4e080ac005f437

  • SHA256

    fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d350

  • SHA512

    63ffac732d6b6b469f6072efa0b4ad0ef224072418b18ed879fe914c3cb64b6714ca4948c5d1816218d611865a1f1747121e126a407acbcc038b4615f9b7fd31

Malware Config

Extracted

Family

trickbot

Version

100001

Botnet

tar2

C2

66.85.183.5:443

185.163.47.157:443

94.140.115.99:443

195.123.240.40:443

195.123.241.226:443

Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64

Targets

    • Target

      fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d350

    • Size

      660KB

    • MD5

      b44c5540e020963aca89f3b9a96beb35

    • SHA1

      14a6e46be7863db3090d81a18d4e080ac005f437

    • SHA256

      fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d350

    • SHA512

      63ffac732d6b6b469f6072efa0b4ad0ef224072418b18ed879fe914c3cb64b6714ca4948c5d1816218d611865a1f1747121e126a407acbcc038b4615f9b7fd31

    • Contacts Bazar domain

      Resolves Emercoin blockchain (.bazar) domains, a behaviour associated with the Bazar backdoor/loader.

    • Trickbot

      First seen in 2016, TrickBot is a modular banking Trojan.
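The extracted config and the two signatures above are only useful once they are turned into something that runs over telemetry. The following is an added example written for this page; it is not part of the Triage report and not TrickBot or Bazar tooling. It lifts the C2 IP:port pairs, the report's file hashes and the Emercoin TLDs behind the "Contacts Bazar domain" signature into a small scanner and runs it over constructed log lines. The tab-separated log layout and the sample lines are assumptions made for the example, not a real sensor format or captured traffic.

```python
"""Added example: IOCs from the extracted TrickBot config, run over constructed logs.

Not part of the sandbox report. The log layout below is assumed for the example:
    CONN <ts> <src_ip> <src_port> <dst_ip> <dst_port>
    DNS  <ts> <src_ip> <query>
"""
import hashlib
from dataclasses import dataclass

# C2 endpoints exactly as listed in the extracted config.
C2_ENDPOINTS = {
    ("66.85.183.5", 443),
    ("185.163.47.157", 443),
    ("94.140.115.99", 443),
    ("195.123.240.40", 443),
    ("195.123.241.226", 443),
}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# TLDs served by Emercoin's EmerDNS; ".bazar" is the one tied to Bazar loader.
# None of these exist in ICANN DNS, so a client resolving them is a strong signal.
EMERCOIN_TLDS = {"bazar", "coin", "emc", "lib"}

# Hashes of the analysed sample, copied from the report header.
REPORT_HASHES = {
    "md5": "b44c5540e020963aca89f3b9a96beb35",
    "sha1": "14a6e46be7863db3090d81a18d4e080ac005f437",
    "sha256": "fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d350",
}


@dataclass(frozen=True)
class Hit:
    kind: str       # "c2", "c2_ip_only" or "blockchain_dns"
    indicator: str  # the value that matched
    line: str       # the raw log line


def is_emercoin_domain(name: str) -> bool:
    """True when the queried name sits under an Emercoin-only TLD."""
    labels = name.lower().rstrip(".").split(".")
    # Require a real hostname: at least one label in front of the TLD.
    return len(labels) >= 2 and labels[-1] in EMERCOIN_TLDS


def classify_conn(dst_ip: str, dst_port: int):
    """Exact ip:port match is high confidence; IP-only is worth a look."""
    if (dst_ip, dst_port) in C2_ENDPOINTS:
        return "c2"
    if dst_ip in C2_IPS:
        return "c2_ip_only"
    return None


def scan(lines):
    """Run the C2 and blockchain-DNS checks; malformed lines are skipped."""
    hits = []
    for raw in lines:
        fields = raw.rstrip("\n").split("\t")
        try:
            if fields[0] == "CONN":
                kind = classify_conn(fields[4], int(fields[5]))
                if kind:
                    hits.append(Hit(kind, f"{fields[4]}:{fields[5]}", raw))
            elif fields[0] == "DNS" and is_emercoin_domain(fields[3]):
                hits.append(Hit("blockchain_dns", fields[3].lower(), raw))
        except (IndexError, ValueError):
            continue
    return hits


def hashes_match(data: bytes) -> bool:
    """Check a candidate file's bytes against every hash in the report."""
    return all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in REPORT_HASHES.items())


# Constructed sample log lines, not captured traffic.
SAMPLE_LOGS = [
    "CONN\t1605787500\t10.0.0.15\t49812\t185.163.47.157\t443",
    "CONN\t1605787501\t10.0.0.15\t49813\t93.184.216.34\t443",  # benign
    "CONN\t1605787502\t10.0.0.15\t49814\t66.85.183.5\t8443",   # C2 IP, other port
    "DNS\t1605787503\t10.0.0.15\tforest.bazar",
    "DNS\t1605787504\t10.0.0.15\tupdate.example.com",
    "DNS\t1605787505\t10.0.0.15\tbazar",                       # bare label, ignored
    "garbage line",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"{h.kind:15} {h.indicator}")
```

The IP-only match is reported separately because TrickBot C2 hosts are reused across ports and configs; treat it as a lead, not a verdict. Run hashes_match over a candidate file before spending analysis time on it, so that a mislabelled or repacked sample is caught up front.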

MITRE ATT&CK Matrix

Tasks