Overview

overview

10

Static

static

10

7a7c994d08...in.exe

windows7_x64

10

7a7c994d08...in.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    23-12-2020 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8.bin.exe

  • Size

    138KB

  • MD5

    f3dcd3a18208a98d4b4f25a47f6df344

  • SHA1

    3ced50ff1d6aae794bd853914ec6f58db08aa876

  • SHA256

    7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8

  • SHA512

    7985059bbbbc200c17674a7039cc5043acebad4f64fa135a9356b1603d414117e496fd11de47264bb2fa3789f8b2ba94fba47e9c5b954b7474b00b98ed7b8d46

Score
10/10
trickbotmon27bankertrojan

Malware Config

Extracted

Family

trickbot

Version

100007

Botnet

mon27

C2

41.243.29.182:449

196.45.140.146:449

103.87.25.220:443

103.98.129.222:449

103.87.25.220:449

103.65.196.44:449

103.65.195.95:449

103.61.101.11:449

103.61.100.131:449

103.150.68.124:449

103.137.81.206:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.48:449

102.164.208.44:449
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8.bin.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4684-2-0x0000000000400000-0x0000000000424000-memory.dmp
    Filesize

    144KB

    Download