trickbot

Target

b81361e9fe744a57b38d7e4e461b75678196da1ad9658fba3d33f864c5bd7ae8.exe
Size

138KB
Sample

201206-sd218sn3hn
MD5

5ffee5af2c9bd19f44fe28ba22f690ee
SHA1

2371a9950e23c7702edb6c8f5213cda52e38c571
SHA256

b81361e9fe744a57b38d7e4e461b75678196da1ad9658fba3d33f864c5bd7ae8
SHA512

9971e49ce0c76eaaa363e4905e62a584a04feef0ece29faabb1f64c2d30d9792e358ffbfca3c3105ca115583c7b6a9b0327f4b7e21b6e3e754965e75a286e436

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100004

Botnet

rob12

103.250.70.163:443

181.196.24.6:443

103.87.25.220:443

2.179.73.140:443

118.69.133.4:443

202.62.47.109:443

14.102.109.190:443

103.78.81.5:443

116.0.54.227:443

36.94.193.167:443

194.5.179.82:443

213.235.183.78:443

103.52.47.20:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  b81361e9fe744a57b38d7e4e461b75678196da1ad9658fba3d33f864c5bd7ae8.exe
- Size
  
  138KB
- MD5
  
  5ffee5af2c9bd19f44fe28ba22f690ee
- SHA1
  
  2371a9950e23c7702edb6c8f5213cda52e38c571
- SHA256
  
  b81361e9fe744a57b38d7e4e461b75678196da1ad9658fba3d33f864c5bd7ae8
- SHA512
  
  9971e49ce0c76eaaa363e4905e62a584a04feef0ece29faabb1f64c2d30d9792e358ffbfca3c3105ca115583c7b6a9b0327f4b7e21b6e3e754965e75a286e436
Score

10^/10

trickbot rob12 banker trojan
- Contacts Bazar domain
  Uses Emercoin blockchain domains associated with Bazar backdoor/loader.
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Contacts Bazar domain

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4