trickbot | 828efc4ccc546b5253ab20243fc062e061149571e1e5fe7b683198cc858e00ea | Triage

Sharing

General

Target

a08edd294f3fe66f2321857293000605.dll
Size

298KB
Sample

210313-p81lpn6mfx
MD5

a08edd294f3fe66f2321857293000605
SHA1

8f3192895870bccf232f9e6e9fdcf98bf21ad586
SHA256

828efc4ccc546b5253ab20243fc062e061149571e1e5fe7b683198cc858e00ea
SHA512

9b8eefe2cfdeace569e8d683373666148d475959aaadd7b84904601f781609e5af84cd65a3dafb9461860c695314fa29473bf81f381c725fa801176133839c3d

Score

10^/10

trickbot mon123 banker trojan

Malware Config

Extracted

Family

trickbot

Version

100013

Botnet

mon123

C2

103.225.138.94:449

122.2.28.70:449

123.200.26.246:449

131.255.106.152:449

142.112.79.223:449

154.126.176.30:449

180.92.238.186:449

187.20.217.129:449

201.20.118.122:449

202.91.41.138:449

95.210.118.90:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  a08edd294f3fe66f2321857293000605.dll
- Size
  
  298KB
- MD5
  
  a08edd294f3fe66f2321857293000605
- SHA1
  
  8f3192895870bccf232f9e6e9fdcf98bf21ad586
- SHA256
  
  828efc4ccc546b5253ab20243fc062e061149571e1e5fe7b683198cc858e00ea
- SHA512
  
  9b8eefe2cfdeace569e8d683373666148d475959aaadd7b84904601f781609e5af84cd65a3dafb9461860c695314fa29473bf81f381c725fa801176133839c3d
Score

10^/10

trickbot mon123 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotmon123bankertrojan

behavioral2

trickbotmon123bankertrojan