trickbot

Resubmissions

18-12-2020 16:31

201218-rf4f27wdbs 8

14-12-2020 11:33

12-12-2020 16:18

11-12-2020 11:08

11-12-2020 10:19

Sharing

Copy URL

Twitter E-mail

General

Target

Document931215825.xls
Size

53KB
Sample

201212-45avfhl4rx
MD5

ef687c6dd0731d96d622ac024974a35b
SHA1

907be2046fd958898fa14be35f567cbb30e5e8bb
SHA256

829419a788104ec45e82487738be2779a83cac1b65bfc9343e351e75cfa49f5e
SHA512

64c3ff8bcab43efaa971816463a620f02f760c84c60daa96d1937046b746156ab8f8461d6c68051e198e156b24133831fc663779c4f389f92ef146b6eb6a3fc5

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100006

Botnet

rob20

80.242.220.146:449

177.221.108.198:449

41.243.29.182:449

178.134.55.190:449

194.5.249.71:443

195.123.242.207:443

184.95.51.178:443

94.158.245.90:443

192.3.247.125:443

156.96.47.3:443

192.3.73.165:443

192.119.171.230:443

141.136.0.42:443

45.12.110.206:443

5.34.180.168:443

195.123.242.202:443

196.45.140.146:449

103.250.70.163:443

103.87.25.220:443

118.69.133.4:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  Document931215825.xls
- Size
  
  53KB
- MD5
  
  ef687c6dd0731d96d622ac024974a35b
- SHA1
  
  907be2046fd958898fa14be35f567cbb30e5e8bb
- SHA256
  
  829419a788104ec45e82487738be2779a83cac1b65bfc9343e351e75cfa49f5e
- SHA512
  
  64c3ff8bcab43efaa971816463a620f02f760c84c60daa96d1937046b746156ab8f8461d6c68051e198e156b24133831fc663779c4f389f92ef146b6eb6a3fc5
Score

10^/10

trickbot rob20 banker spyware trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
behavioral1