trickbot

General

Target

5618890544807936.zip
Size

275KB
Sample

210201-e7sr8alcz2
MD5

453d814b297202a01e84b1e260889b71
SHA1

6e6d7149a361fa80451af628b855e972acd8fb13
SHA256

22fe4895341fb68bde7c94503e40af50ff764ac4697bbc86964140556e360baf
SHA512

8813d1f26a713485d2ff77c21bd81a228aecebcd18a4241f9dddad78b07eda02442d62385cb5e4670f81cfb82d948cd90cf2db1d1887988713ff772a981b4df5

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100010

Botnet

rob44

C2

5.34.180.180:443

64.74.160.228:443

198.46.198.116:443

5.34.180.185:443

107.152.46.188:443

195.123.241.214:443

23.254.224.2:443

107.172.188.113:443

200.52.147.93:443

185.198.59.45:443

45.14.226.101:443

185.82.126.38:443

85.204.116.139:443

45.155.173.248:443

103.91.244.50:443

45.230.244.20:443

45.226.124.226:443

187.84.95.6:443

186.250.157.116:443

186.137.85.76:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  8d6f00e5fd9873adbb197131fe6e6eec178ee9ade06f8aa5d3a9fc7cb42771ee
- Size
  
  358KB
- MD5
  
  e079b373bb72a2639c2fe1c2b61e9e71
- SHA1
  
  00e2d85bfc59b24855f53388a4d0fe6324bfdf31
- SHA256
  
  8d6f00e5fd9873adbb197131fe6e6eec178ee9ade06f8aa5d3a9fc7cb42771ee
- SHA512
  
  ca469c4e6fc025ec84b30a9177240c92472da98198197480e5a5c631c7ba9228ba0970192d6a51e4dcca86cb3841dd813f3020c01bab8e9aa68a8c4517792110
Score

10^/10

trickbot rob44 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Templ.dll packer

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2