trickbot | 89ba36ddab48b3cdd3a8db026463e79391c6ca7f0b04a9ea8b71969add67b276 | Triage

Resubmissions

30-12-2020 07:24

201230-2pnedj57aj 10

28-12-2020 18:56

201228-fmwh744fae 10

Sharing

General

Target

shiybnyrsolu.exe
Size

532KB
Sample

201228-fmwh744fae
MD5

59ea5e429638fa0801683014a19f10ac
SHA1

eb4bb017b2d14017f44ea32c01c54871215ea09a
SHA256

89ba36ddab48b3cdd3a8db026463e79391c6ca7f0b04a9ea8b71969add67b276
SHA512

55df4ff121e7948917968c54911a49bcf140970162b365da1bf6027db3eea47021b43798e6b3a78906bac9b34e6c97e61dbb2a0f0531cd75bf486e2eb6387b98

Score

10^/10

trickbot mor5 banker trojan

Malware Config

Extracted

Family

trickbot

Version

100007

Botnet

mor5

C2

103.87.25.220:443

103.98.129.222:449

41.243.29.182:449

103.87.25.220:449

196.45.140.146:449

103.65.196.44:449

103.65.195.95:449

103.61.101.11:449

103.61.100.131:449

103.150.68.124:449

103.137.81.206:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.48:449

102.164.208.44:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

ecc_pubkey.base64

Targets

- Target
  
  shiybnyrsolu.exe
- Size
  
  532KB
- MD5
  
  59ea5e429638fa0801683014a19f10ac
- SHA1
  
  eb4bb017b2d14017f44ea32c01c54871215ea09a
- SHA256
  
  89ba36ddab48b3cdd3a8db026463e79391c6ca7f0b04a9ea8b71969add67b276
- SHA512
  
  55df4ff121e7948917968c54911a49bcf140970162b365da1bf6027db3eea47021b43798e6b3a78906bac9b34e6c97e61dbb2a0f0531cd75bf486e2eb6387b98
Score

10^/10

trickbot mor5 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotmor5bankertrojan

behavioral2

trickbotmor5bankertrojan