trickbot

General

Target

2f2a57f690a4d13b0a399eeec33716fe6c16f9499a682caa66a28af4cdfd8d20.bin
Size

139KB
Sample

201216-54sa6z6lgs
MD5

05c382dd1b48534ba3e76700dc274a42
SHA1

abd38142ad096b64a3b05b5be851df7c74e5426a
SHA256

2f2a57f690a4d13b0a399eeec33716fe6c16f9499a682caa66a28af4cdfd8d20
SHA512

ae729f7e208ee44b7a34275e9293150f345298fe9e7ce5a2329431080c5fc08e978f15c0c29a186af0fd7848fc1be32b3f7274584b48435bc8e1b1c3cd5703ee

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100007

Botnet

rob22

C2

41.243.29.182:449

196.45.140.146:449

103.87.25.220:443

103.98.129.222:449

103.87.25.220:449

103.65.196.44:449

103.65.195.95:449

103.61.101.11:449

103.61.100.131:449

103.150.68.124:449

103.137.81.206:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.48:449

102.164.208.44:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  2f2a57f690a4d13b0a399eeec33716fe6c16f9499a682caa66a28af4cdfd8d20.bin
- Size
  
  139KB
- MD5
  
  05c382dd1b48534ba3e76700dc274a42
- SHA1
  
  abd38142ad096b64a3b05b5be851df7c74e5426a
- SHA256
  
  2f2a57f690a4d13b0a399eeec33716fe6c16f9499a682caa66a28af4cdfd8d20
- SHA512
  
  ae729f7e208ee44b7a34275e9293150f345298fe9e7ce5a2329431080c5fc08e978f15c0c29a186af0fd7848fc1be32b3f7274584b48435bc8e1b1c3cd5703ee
Score

10^/10

trickbot rob22 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2