trickbot

General

Target

055038bf80ad77b090c01e7f2ef8b2d32ff42087e0a68389b4892c1dd63056b6
Size

970KB
Sample

210218-c7dxsvgkd6
MD5

95d4b9e71d85a6ad9ccd40d232a505d3
SHA1

ea45a137e592668e67c2116395799a3acd14b31a
SHA256

055038bf80ad77b090c01e7f2ef8b2d32ff42087e0a68389b4892c1dd63056b6
SHA512

c0f837c8fc09803622531efc15050c9eab4ffba78c79114295957ac27efa56023fe003eb188f96c5a774c5f73acb2994443bd979502395b13dd0f020840e9d4a

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100010

Botnet

rob35

C2

5.34.180.180:443

64.74.160.228:443

198.46.198.116:443

5.34.180.185:443

107.152.46.188:443

195.123.241.214:443

23.254.224.2:443

107.172.188.113:443

200.52.147.93:443

185.198.59.45:443

45.14.226.101:443

185.82.126.38:443

85.204.116.139:443

45.155.173.248:443

103.91.244.50:443

45.230.244.20:443

45.226.124.226:443

187.84.95.6:443

186.250.157.116:443

186.137.85.76:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  055038bf80ad77b090c01e7f2ef8b2d32ff42087e0a68389b4892c1dd63056b6
- Size
  
  970KB
- MD5
  
  95d4b9e71d85a6ad9ccd40d232a505d3
- SHA1
  
  ea45a137e592668e67c2116395799a3acd14b31a
- SHA256
  
  055038bf80ad77b090c01e7f2ef8b2d32ff42087e0a68389b4892c1dd63056b6
- SHA512
  
  c0f837c8fc09803622531efc15050c9eab4ffba78c79114295957ac27efa56023fe003eb188f96c5a774c5f73acb2994443bd979502395b13dd0f020840e9d4a
Score

10^/10

trickbot rob35 banker trojan
- Suspicious use of NtCreateProcessExOtherParentProcess
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateProcessExOtherParentProcess

Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2