trickbot

General

Target

e05481bb599b26fe2ec4526d5f5b6cd8.exe
Size

2.2MB
Sample

210202-fh53dg9k3s
MD5

e05481bb599b26fe2ec4526d5f5b6cd8
SHA1

308964545c9481c2d036d264b30a477af8fbef7e
SHA256

428f80c67264709313cca17c2665edb3bf34bd1381d9211ccfb27a6ff5da3a89
SHA512

bbc89c8a4426490a0fca55cce65c8892797fb6d8207124311e74f7538fecfabd7023a96928ce5fe53976c74bbb7dc06e1b567c2160619f123bc4e2acfb3704d2

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000024

Botnet

tot32

C2

85.93.159.98:449

92.242.214.203:449

202.21.103.194:449

169.239.45.42:449

45.234.248.66:449

103.91.244.102:449

118.67.216.238:449

117.212.193.62:449

201.184.190.59:449

103.29.185.138:449

79.122.166.236:449

37.143.150.186:449

179.191.108.58:449

85.159.214.61:443

149.56.80.31:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  e05481bb599b26fe2ec4526d5f5b6cd8.exe
- Size
  
  2.2MB
- MD5
  
  e05481bb599b26fe2ec4526d5f5b6cd8
- SHA1
  
  308964545c9481c2d036d264b30a477af8fbef7e
- SHA256
  
  428f80c67264709313cca17c2665edb3bf34bd1381d9211ccfb27a6ff5da3a89
- SHA512
  
  bbc89c8a4426490a0fca55cce65c8892797fb6d8207124311e74f7538fecfabd7023a96928ce5fe53976c74bbb7dc06e1b567c2160619f123bc4e2acfb3704d2
Score

10^/10

trickbot tot32 banker ransomware trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

Enumerates physical storage devices

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2