trickbot | 9f46729f68497f8aa905e1f8ed3d197d5924a8d7acee4813b1549e6ede0cc6a8 | Triage

Submit
Reports

Overview

overview

Static

static

9f46729f68...a8.dll

windows7_x64

9f46729f68...a8.dll

windows10_x64

Sharing

General

Target

9f46729f68497f8aa905e1f8ed3d197d5924a8d7acee4813b1549e6ede0cc6a8
Size

768KB
Sample

210324-gnr6t2szcs
MD5

5bb0b118834c3af28feedc0d594b9b2f
SHA1

403cc32f641133f41a5f1a9b8746871d87348f00
SHA256

9f46729f68497f8aa905e1f8ed3d197d5924a8d7acee4813b1549e6ede0cc6a8
SHA512

5ec7d61513c6c81df3febcc8d70f6dba6aae870ad62dc0d58fa53f8792f73ec6464393936a34b5a411c4dbdc49ad410b06922439f40f3669e166ed2e2b527524

Score

10^/10

trickbot mon126 banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

9f46729f68497f8aa905e1f8ed3d197d5924a8d7acee4813b1549e6ede0cc6a8.dll

Resource

win7v20201028

trickbot mon126 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9f46729f68497f8aa905e1f8ed3d197d5924a8d7acee4813b1549e6ede0cc6a8.dll

Resource

win10v20201028

trickbot mon126 banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

trickbot

Version

100013

Botnet

mon126

C2

103.225.138.94:449

122.2.28.70:449

123.200.26.246:449

131.255.106.152:449

142.112.79.223:449

154.126.176.30:449

180.92.238.186:449

187.20.217.129:449

201.20.118.122:449

202.91.41.138:449

95.210.118.90:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  9f46729f68497f8aa905e1f8ed3d197d5924a8d7acee4813b1549e6ede0cc6a8
- Size
  
  768KB
- MD5
  
  5bb0b118834c3af28feedc0d594b9b2f
- SHA1
  
  403cc32f641133f41a5f1a9b8746871d87348f00
- SHA256
  
  9f46729f68497f8aa905e1f8ed3d197d5924a8d7acee4813b1549e6ede0cc6a8
- SHA512
  
  5ec7d61513c6c81df3febcc8d70f6dba6aae870ad62dc0d58fa53f8792f73ec6464393936a34b5a411c4dbdc49ad410b06922439f40f3669e166ed2e2b527524
Score

10^/10

trickbot mon126 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotmon126bankertrojan

behavioral2

trickbotmon126bankertrojan

© 2018-2024

Terms | Privacy