trickbot | f0b83514c6f826e695fb34c8264f54e528d355c0765fdcd5f9c3c0e3d6127f54 | Triage

Resubmissions

23-11-2020 12:02

201123-llrwlpa3jn 10

23-11-2020 11:51

201123-n824g1ydd2 10

Sharing

General

Target

f0b83514c6f826e695fb34c8264f54e528d355c0765fdcd5f9c3c0e3d6127f54
Size

171B
Sample

201123-n824g1ydd2
MD5

d5572751f440766c4c24f20aeb4a368f
SHA1

b4556e63d3b4307878e51d5dfab5ea3a4e9e7946
SHA256

f0b83514c6f826e695fb34c8264f54e528d355c0765fdcd5f9c3c0e3d6127f54
SHA512

19b2c56b04e266df5773c727d3d0137e6e024662286b39d6825c93718c5f93850f0a0536868a9bae72472d92eb00f14512b28cfcb823d737d1c7eabe5f4cbccc

Score

10^/10

trickbot tar3 banker trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://arvidarena.com/WebBrowseHttp.exe

Extracted

Family

trickbot

Version

100003

Botnet

tar3

C2

102.164.206.129:449

103.131.156.21:449

103.131.157.102:449

103.131.157.161:449

103.146.232.5:449

103.150.68.124:449

103.156.126.232:449

103.30.85.157:449

103.52.47.20:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  f0b83514c6f826e695fb34c8264f54e528d355c0765fdcd5f9c3c0e3d6127f54
- Size
  
  171B
- MD5
  
  d5572751f440766c4c24f20aeb4a368f
- SHA1
  
  b4556e63d3b4307878e51d5dfab5ea3a4e9e7946
- SHA256
  
  f0b83514c6f826e695fb34c8264f54e528d355c0765fdcd5f9c3c0e3d6127f54
- SHA512
  
  19b2c56b04e266df5773c727d3d0137e6e024662286b39d6825c93718c5f93850f0a0536868a9bae72472d92eb00f14512b28cfcb823d737d1c7eabe5f4cbccc
Score

10^/10

trickbot tar3 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Blacklisted process makes network request
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbottar3bankertrojan

behavioral2

trickbottar3bankertrojan