Overview

overview

10

Static

static

8

4135b0a92b...03.xls

windows7_x64

10

4135b0a92b...03.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4135b0a92b446582588230a68d2bafe64196e41284a19c04de27be091513fe03.xls

  • Size

    62KB

  • Sample

    201202-aacfakcq5x

  • MD5

    39eb52a7ff92ab88d45f9645f12c42e7

  • SHA1

    fa9c3ef6c474b90c67149a3be4bf6916fd48fb31

  • SHA256

    4135b0a92b446582588230a68d2bafe64196e41284a19c04de27be091513fe03

  • SHA512

    ed752b7f74863a962bd52753a6b4fc3d9f5887690a0ffeb05c5c76e10fb0433374ba43e084863cefaf52bc39ea0e71e2ebb4bd669bab9d764c996313f091fa47

Score
10/10
trickbotrob12bankermacrotrojan

Malware Config

Extracted

Family

trickbot

Version

100004

Botnet

rob12

C2

103.250.70.163:443

181.196.24.6:443

103.87.25.220:443

2.179.73.140:443

118.69.133.4:443

202.62.47.109:443

14.102.109.190:443

103.78.81.5:443

116.0.54.227:443

36.94.193.167:443

194.5.179.82:443

213.235.183.78:443

103.52.47.20:449
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      4135b0a92b446582588230a68d2bafe64196e41284a19c04de27be091513fe03.xls

    • Size

      62KB

    • MD5

      39eb52a7ff92ab88d45f9645f12c42e7

    • SHA1

      fa9c3ef6c474b90c67149a3be4bf6916fd48fb31

    • SHA256

      4135b0a92b446582588230a68d2bafe64196e41284a19c04de27be091513fe03

    • SHA512

      ed752b7f74863a962bd52753a6b4fc3d9f5887690a0ffeb05c5c76e10fb0433374ba43e084863cefaf52bc39ea0e71e2ebb4bd669bab9d764c996313f091fa47

    Score
    10/10
    trickbotrob12bankertrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks