General

  • Target

    mon87.dll

  • Size

    684KB

  • Sample

    210227-p538cb381x

  • MD5

    2db0224259aba71fba30056a39f49828

  • SHA1

    78e6f2579a577ec6e22371e0d4f6eab80d96a148

  • SHA256

    711105f126d26aa1c24c5a203bed7a53eeb4e6ee3b2224b28fc8dd88c1200942

  • SHA512

    9d13edc9d72849a1c4e7151124416182169a843022047d549c25cf882300b8a2db2b914cffb88ff25c0ab99517437e4ae675ac695bbd546af0bae9787d069701

Malware Config

Extracted

Family

trickbot

Version

100012

Botnet

mon87

C2

Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      mon87.dll

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

MITRE ATT&CK Matrix

Tasks