trickbot | 376dc2baf8297415c4d105796fd6bbd3316b7eb7748212ace3493e37ac17454f | Triage

Submit
Reports

Overview

overview

Static

static

mon27.dll

windows7_x64

mon27.dll

windows10_x64

Sharing

General

Target

mon27.dll
Size

330KB
Sample

201223-1serqgjcmn
MD5

870629b1f82af39abfcff099a02909a3
SHA1

cc1437651e0f6b4a881d61539e7ae84551853e03
SHA256

376dc2baf8297415c4d105796fd6bbd3316b7eb7748212ace3493e37ac17454f
SHA512

22fdfaa6ca256d980063ad199f30036504375d84cd12e5f35436b49c64ca6ea4b686ac85975cfbae53cfe4212e32781642039b6716666b3495cbb1d68487dfb4

Score

10^/10

trickbot mon27 banker dave trojan

Static task

static1

Behavioral task

behavioral1

Sample

mon27.dll

Resource

win7v20201028

trickbot mon27 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mon27.dll

Resource

win10v20201028

trickbot mon27 banker dave trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

trickbot

Version

100007

Botnet

mon27

C2

41.243.29.182:449

196.45.140.146:449

103.87.25.220:443

103.98.129.222:449

103.87.25.220:449

103.65.196.44:449

103.65.195.95:449

103.61.101.11:449

103.61.100.131:449

103.150.68.124:449

103.137.81.206:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.48:449

102.164.208.44:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  mon27.dll
- Size
  
  330KB
- MD5
  
  870629b1f82af39abfcff099a02909a3
- SHA1
  
  cc1437651e0f6b4a881d61539e7ae84551853e03
- SHA256
  
  376dc2baf8297415c4d105796fd6bbd3316b7eb7748212ace3493e37ac17454f
- SHA512
  
  22fdfaa6ca256d980063ad199f30036504375d84cd12e5f35436b49c64ca6ea4b686ac85975cfbae53cfe4212e32781642039b6716666b3495cbb1d68487dfb4
Score

10^/10

trickbot mon27 banker trojan dave
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
- Dave packer
  Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.
  dave
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotmon27bankertrojan

behavioral2

trickbotmon27bankerdavetrojan

© 2018-2024

Terms | Privacy