General

  • Target

    a08edd294f3fe66f2321857293000605.dll

  • Size

    298KB

  • Sample

    210313-p81lpn6mfx

  • MD5

    a08edd294f3fe66f2321857293000605

  • SHA1

    8f3192895870bccf232f9e6e9fdcf98bf21ad586

  • SHA256

    828efc4ccc546b5253ab20243fc062e061149571e1e5fe7b683198cc858e00ea

  • SHA512

    9b8eefe2cfdeace569e8d683373666148d475959aaadd7b84904601f781609e5af84cd65a3dafb9461860c695314fa29473bf81f381c725fa801176133839c3d

Malware Config

Extracted

Family

trickbot

Version

100013

Botnet

mon123

C2

103.225.138.94:449

122.2.28.70:449

123.200.26.246:449

131.255.106.152:449

142.112.79.223:449

154.126.176.30:449

180.92.238.186:449

187.20.217.129:449

201.20.118.122:449

202.91.41.138:449

95.210.118.90:449

Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      a08edd294f3fe66f2321857293000605.dll

    • Size

      298KB

    • MD5

      a08edd294f3fe66f2321857293000605

    • SHA1

      8f3192895870bccf232f9e6e9fdcf98bf21ad586

    • SHA256

      828efc4ccc546b5253ab20243fc062e061149571e1e5fe7b683198cc858e00ea

    • SHA512

      9b8eefe2cfdeace569e8d683373666148d475959aaadd7b84904601f781609e5af84cd65a3dafb9461860c695314fa29473bf81f381c725fa801176133839c3d

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks