Resubmissions

10-01-2021 10:11

210110-n96q1dv1wj 10

09-01-2021 18:30

210109-7rad7hkdl6 10

General

  • Target

    3285d1f22eb3b7f6acbaf7528d71714d.exe

  • Size

    668KB

  • Sample

    210109-7rad7hkdl6

  • MD5

    3285d1f22eb3b7f6acbaf7528d71714d

  • SHA1

    8582e7f4b931d9e40f5c237a8b8ffd98ce73cb5b

  • SHA256

    8f98d0e1c30fd1a365380df0aef7e89cd29ba92dc26bd1da389987616470862c

  • SHA512

    b7ab23844ee27c67fa89371b55c4e59367fffaad3880bd2f3b25982cb3ff0564d5b64e919ddb7fdac8d633108cdbb5d942c59759b9cc2104a4fdf21db3df1a36

Malware Config

Extracted

Family

trickbot

Version

100009

Botnet

mor9

C2

149.54.11.54:449

36.89.191.119:449

41.159.31.227:449

103.150.68.124:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.44:449

194.5.249.143:443

142.202.191.175:443

195.123.241.31:443

45.89.125.214:443

45.83.151.103:443

91.200.103.41:443

66.70.246.0:443

64.74.160.218:443

198.46.198.115:443

5.34.180.173:443

23.227.196.5:443

195.123.241.115:443

Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      3285d1f22eb3b7f6acbaf7528d71714d.exe

    • Size

      668KB

    • MD5

      3285d1f22eb3b7f6acbaf7528d71714d

    • SHA1

      8582e7f4b931d9e40f5c237a8b8ffd98ce73cb5b

    • SHA256

      8f98d0e1c30fd1a365380df0aef7e89cd29ba92dc26bd1da389987616470862c

    • SHA512

      b7ab23844ee27c67fa89371b55c4e59367fffaad3880bd2f3b25982cb3ff0564d5b64e919ddb7fdac8d633108cdbb5d942c59759b9cc2104a4fdf21db3df1a36

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks