Resubmissions

  • 07-12-2020 21:19    201207-dxaesc38wa    score 10
  • 02-12-2020 13:37    201202-y581fb4476    score 10
  • 23-11-2020 11:51    201123-kbf2mbqj7j    score 10
  • 20-11-2020 12:12    201120-2wfg5nazp6    score 10

General

  • Target

    73f8d1dcfb02307ba3c44c4a75396afae849a21a20c7af599a05f1b6cb5a9653

  • Size

    724KB

  • Sample

    201123-kbf2mbqj7j

  • MD5

    1a3adc0b25169b3aa6b7779e9b59715d

  • SHA1

    7430bc136e8f7843525d38803ed05a130057481b

  • SHA256

    73f8d1dcfb02307ba3c44c4a75396afae849a21a20c7af599a05f1b6cb5a9653

  • SHA512

    cb7b5c51faefc13606efb53b8b352ebbfa9da03661c38a42ed61f545df9ecab6638d89676cc8d0f45fba3a748bd9560fe26c486789b31dc61615cd011cb73013

Malware Config

Extracted

Family

trickbot

Version

2000017

Botnet

tot13

C2

Attributes

  • autorun
    Name: pwgrab
  • ecc_pubkey.base64

Targets

    • Contacts Bazar domain

      Uses Emercoin blockchain domains associated with Bazar backdoor/loader.

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 1
  • Collection: Data from Local System (T1005), 1

Tasks