trickbot

General

Target

a83ca01d677db702c686d6b957405458.exe
Size

668KB
Sample

210105-k2v9tx5q3j
MD5

a83ca01d677db702c686d6b957405458
SHA1

68ab5cec408fdfd586e54a3e11d00b7d8a49c8b4
SHA256

8c206ff3cf89ee0ddf05f2608ef0535b7a2c17710e6ccec34ec6439d417dab69
SHA512

474f52d06c8ce1e51a712f6972dabbdd3a96b1706c20d09cc5d76ac29061a253c6e4f79fcece97dfcdebabb8697d11fddb895c48be45280b6f9f5516cfa4f002

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100009

Botnet

mor9

C2

149.54.11.54:449

36.89.191.119:449

41.159.31.227:449

103.150.68.124:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.44:449

194.5.249.143:443

142.202.191.175:443

195.123.241.31:443

45.89.125.214:443

45.83.151.103:443

91.200.103.41:443

66.70.246.0:443

64.74.160.218:443

198.46.198.115:443

5.34.180.173:443

23.227.196.5:443

195.123.241.115:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  a83ca01d677db702c686d6b957405458.exe
- Size
  
  668KB
- MD5
  
  a83ca01d677db702c686d6b957405458
- SHA1
  
  68ab5cec408fdfd586e54a3e11d00b7d8a49c8b4
- SHA256
  
  8c206ff3cf89ee0ddf05f2608ef0535b7a2c17710e6ccec34ec6439d417dab69
- SHA512
  
  474f52d06c8ce1e51a712f6972dabbdd3a96b1706c20d09cc5d76ac29061a253c6e4f79fcece97dfcdebabb8697d11fddb895c48be45280b6f9f5516cfa4f002
Score

10^/10

trickbot mor9 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2