trickbot

General

Target

ioyjaph.bin
Size

344KB
Sample

201228-68tbbz2was
MD5

044c55ded2ee880a49a223e79279e4c1
SHA1

9ea4245c47f81a8a43595f3484fadc8d9518bcfb
SHA256

751e4fa70e4c83abe2cc990e7102133b4824bdea77e3904dba01eb6c6dc23e32
SHA512

3699b8f33a06ab0e32dad6966482b98b46d2667b72fb376144cc8a235fba1270a65afb04e6849af93e5de6efaf46b45d899cbe1e6b34d808de27e921a5c06131

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000493

Botnet

jim640

C2

195.123.220.178:443

198.23.209.201:443

188.165.62.34:443

164.68.120.60:443

146.185.253.191:443

185.213.20.246:443

45.137.151.198:443

185.141.27.190:443

51.89.115.124:443

188.120.254.68:443

78.24.223.88:443

185.177.59.163:443

5.182.210.109:443

5.2.70.145:443

172.82.152.11:443

190.214.13.2:449

181.140.173.186:449

181.129.104.139:449

181.113.28.146:449

181.112.157.42:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  ioyjaph.bin
- Size
  
  344KB
- MD5
  
  044c55ded2ee880a49a223e79279e4c1
- SHA1
  
  9ea4245c47f81a8a43595f3484fadc8d9518bcfb
- SHA256
  
  751e4fa70e4c83abe2cc990e7102133b4824bdea77e3904dba01eb6c6dc23e32
- SHA512
  
  3699b8f33a06ab0e32dad6966482b98b46d2667b72fb376144cc8a235fba1270a65afb04e6849af93e5de6efaf46b45d899cbe1e6b34d808de27e921a5c06131
Score

10^/10

trickbot jim640 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2