Overview

overview

10

Static

static

10

4688b85694...in.exe

windows7_x64

10

4688b85694...in.exe

windows10_x64

10

Analysis

  • max time kernel
    94s
  • max time network
    96s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    13-01-2021 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4688b85694f1dc6cf64e4cbe54d2a3ffde339581541c76af60c45ea1d4b35f44.bin.exe

  • Size

    143KB

  • MD5

    2edc1cb60be3e26499aacd0fc020b84c

  • SHA1

    57166481954064f580c03e40578a6c1e1f84ca16

  • SHA256

    4688b85694f1dc6cf64e4cbe54d2a3ffde339581541c76af60c45ea1d4b35f44

  • SHA512

    47174ca93b693f4b6f3fdfc7ceaf122b1cb4b6cf6115ebc1d16e998919a2d4b0472b7e49f081e8b7ea2706c31b0e16bc62f6f0fa6a5e12b8c7ddc71ad7f6a118

Score
10/10
trickbotrob35bankertrojan

Malware Config

Extracted

Family

trickbot

Version

100010

Botnet

rob35

C2

5.34.180.180:443

64.74.160.228:443

198.46.198.116:443

5.34.180.185:443

107.152.46.188:443

195.123.241.214:443

23.254.224.2:443

107.172.188.113:443

200.52.147.93:443

185.198.59.45:443

45.14.226.101:443

185.82.126.38:443

85.204.116.139:443

45.155.173.248:443

103.91.244.50:443

45.230.244.20:443

45.226.124.226:443

187.84.95.6:443

186.250.157.116:443

186.137.85.76:443
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4688b85694f1dc6cf64e4cbe54d2a3ffde339581541c76af60c45ea1d4b35f44.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\4688b85694f1dc6cf64e4cbe54d2a3ffde339581541c76af60c45ea1d4b35f44.bin.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1580-2-0x0000000000400000-0x0000000000425000-memory.dmp
    Filesize

    148KB

    Download