trickbot | dfbf77195c1011a196e0595a0511e2b6beb4b3f87c8a7fd8ec2a12c0e9812afb | Triage

Sharing

General

Target

kpsiwn.zip
Size

275KB
Sample

201221-tbmr9vdc86
MD5

b65cc2f110d97046586b951abe00d4ad
SHA1

c763fe8553306d5ee05bba0f04fc8cf4625b7c23
SHA256

dfbf77195c1011a196e0595a0511e2b6beb4b3f87c8a7fd8ec2a12c0e9812afb
SHA512

e628cbb9e85a70eff938c0f729cb2ebce00da6bdc5982abb9cc82acbf52834ac4e67f591164a9341718a92978074730d25b3a3276bb7669f762c7da52ccd7074

Score

10^/10

trickbot mor1 banker trojan

Malware Config

Extracted

Family

trickbot

Version

100007

Botnet

mor1

C2

41.243.29.182:449

196.45.140.146:449

103.87.25.220:443

103.98.129.222:449

103.87.25.220:449

103.65.196.44:449

103.65.195.95:449

103.61.101.11:449

103.61.100.131:449

103.150.68.124:449

103.137.81.206:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.48:449

102.164.208.44:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  kpsiwn.exe
- Size
  
  341KB
- MD5
  
  4103d97c7cad79f050901aace0d9fbe0
- SHA1
  
  dead0bd2345e9769b5545f4ff628e5c59fb5ef9e
- SHA256
  
  e410123bde6a317cadcaf1fa3502301b7aad6f528d59b6b60c97be077ef5da00
- SHA512
  
  390513fba9908a4f84a2f49174d573f8c0c45d9aa17ed5fb0300fe4f1eb85873eda4ed221f82d36ed629a06d0b1edd3983c10a5904949eae7d237753ab77ec57
Score

10^/10

trickbot mor1 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotmor1bankertrojan

behavioral2

trickbotmor1bankertrojan