trickbot | 62d8cab8ec8b81bf3bd5a75ceca7b12bb2b26f4a40ded2320fdcfd33a49349d7 | Triage

Submit
Reports

Overview

overview

Static

static

8

Document931215825.xls

windows7_x64

1

Document931215825.xls

windows10_x64

Sharing

General

Target

Document931215825.xls
Size

53KB
Sample

201211-fk2nflnbra
MD5

7054f04adc0695c6c8a1853526e13468
SHA1

dd8e0f4b4fe228985acaad81c7a8af5c575e3b0e
SHA256

62d8cab8ec8b81bf3bd5a75ceca7b12bb2b26f4a40ded2320fdcfd33a49349d7
SHA512

afa7d010c4b36cc681cef843964fb008b7d95e68501b9566cbc073038f5b1380e73aacbd187ac3694673a3c90453931a5479a61fb23138bc28d1d8425bece723

Score

10^/10

trickbot rob20 banker macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

Document931215825.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Document931215825.xls

Resource

win10v20201028

trickbot rob20 banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

trickbot

Version

100006

Botnet

rob20

C2

80.242.220.146:449

177.221.108.198:449

41.243.29.182:449

178.134.55.190:449

194.5.249.71:443

195.123.242.207:443

184.95.51.178:443

94.158.245.90:443

192.3.247.125:443

156.96.47.3:443

192.3.73.165:443

192.119.171.230:443

141.136.0.42:443

45.12.110.206:443

5.34.180.168:443

195.123.242.202:443

196.45.140.146:449

103.250.70.163:443

103.87.25.220:443

118.69.133.4:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  Document931215825.xls
- Size
  
  53KB
- MD5
  
  7054f04adc0695c6c8a1853526e13468
- SHA1
  
  dd8e0f4b4fe228985acaad81c7a8af5c575e3b0e
- SHA256
  
  62d8cab8ec8b81bf3bd5a75ceca7b12bb2b26f4a40ded2320fdcfd33a49349d7
- SHA512
  
  afa7d010c4b36cc681cef843964fb008b7d95e68501b9566cbc073038f5b1380e73aacbd187ac3694673a3c90453931a5479a61fb23138bc28d1d8425bece723
Score

10^/10

trickbot rob20 banker trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

trickbotrob20bankertrojan

© 2018-2024

Terms | Privacy