Overview

overview

10

Static

static

a8860ec417...ac.dll

windows7_x64

10

a8860ec417...ac.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a8860ec41711e5a40dc818afd756800b1913bfc7bd724048e0832282cb09a6ac

  • Size

    400KB

  • Sample

    210324-q29rbhyrqe

  • MD5

    e6773f8149a687f25aadcf88f1dcbe07

  • SHA1

    9850cde46a97514ca56be1fbf0870744b1582c1d

  • SHA256

    a8860ec41711e5a40dc818afd756800b1913bfc7bd724048e0832282cb09a6ac

  • SHA512

    bfb8cef0b439f5ac16f041b7a0ba37f142a641a12bca505a948ecb1edb82d44088cfffac891ec0a830b1b953e903d0e65e4a759e3639295bbb3413703c263ee7

Score
10/10
trickbotmon73bankertrojan

Malware Config

Extracted

Family

trickbot

Version

100011

Botnet

mon73

C2

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      a8860ec41711e5a40dc818afd756800b1913bfc7bd724048e0832282cb09a6ac

    • Size

      400KB

    • MD5

      e6773f8149a687f25aadcf88f1dcbe07

    • SHA1

      9850cde46a97514ca56be1fbf0870744b1582c1d

    • SHA256

      a8860ec41711e5a40dc818afd756800b1913bfc7bd724048e0832282cb09a6ac

    • SHA512

      bfb8cef0b439f5ac16f041b7a0ba37f142a641a12bca505a948ecb1edb82d44088cfffac891ec0a830b1b953e903d0e65e4a759e3639295bbb3413703c263ee7

    Score
    10/10
    trickbotmon73bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks