trickbot | 812fca175f63a63380cc09b822399dc99cf2f0e9248003ed76cfb26033828f09 | Triage

Resubmissions

29-11-2020 11:01

201129-d4be3v1hha 10

29-11-2020 09:57

201129-jrbzljg4bn 10

22-11-2020 09:12

201122-mn1g1mmfh2 10

20-11-2020 12:13

201120-mhdv9tfvhs 10

Sharing

General

Target

812fca175f63a63380cc09b822399dc99cf2f0e9248003ed76cfb26033828f09
Size

226KB
Sample

201129-d4be3v1hha
MD5

2c6261543b4afdc73780193769c4b971
SHA1

ce578cfd43137888d4be4c2d3d39e9a0d70cc22d
SHA256

812fca175f63a63380cc09b822399dc99cf2f0e9248003ed76cfb26033828f09
SHA512

5619c2418d292bc490225b9661975939a767f5c464a30f6c85746b13e06fef56ba15eb730645a571885e6423bcaea337c3b0f0ebfd45edd9643b2fb4c47eda8d

Score

10^/10

trickbot tar3

Malware Config

Extracted

Family

trickbot

Version

100003

Botnet

tar3

C2

102.164.206.129:449

103.131.156.21:449

103.131.157.102:449

103.131.157.161:449

103.146.232.5:449

103.150.68.124:449

103.156.126.232:449

103.30.85.157:449

103.52.47.20:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  812fca175f63a63380cc09b822399dc99cf2f0e9248003ed76cfb26033828f09
- Size
  
  226KB
- MD5
  
  2c6261543b4afdc73780193769c4b971
- SHA1
  
  ce578cfd43137888d4be4c2d3d39e9a0d70cc22d
- SHA256
  
  812fca175f63a63380cc09b822399dc99cf2f0e9248003ed76cfb26033828f09
- SHA512
  
  5619c2418d292bc490225b9661975939a767f5c464a30f6c85746b13e06fef56ba15eb730645a571885e6423bcaea337c3b0f0ebfd45edd9643b2fb4c47eda8d
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2