Resubmissions

08-04-2021 06:38

210408-gx3w79j19a 10

08-04-2021 06:33

210408-dyfh7tgh82 10

General

  • Target

    088d508c5f4509185682108b422dcce6d1ca6ce82258f1340ab4e330da067b22

  • Size

    532KB

  • Sample

    210408-dyfh7tgh82

  • MD5

    2939f396d5b175b2e1f28b05c09e812b

  • SHA1

    d040e2a1d29f0b37a5e888d2402432d78440cb54

  • SHA256

    088d508c5f4509185682108b422dcce6d1ca6ce82258f1340ab4e330da067b22

  • SHA512

    ac18886ead5c6e9476e36c0af5bf0a7a9837d8cb9f8fa12fa40c77492c2bdce6cfa33d074d45ca46658a9895fb4dce19824af578431915a696449cd5f3b0eb94

Malware Config

Extracted

Family

trickbot

Version

100015

Botnet

yas58

C2

67.48.36.18:449

46.254.128.174:449

41.216.166.142:449

181.143.251.154:449

77.232.163.203:449

87.97.178.92:449

185.94.172.15:449

185.230.5.43:443

91.243.125.5:443

185.242.168.118:443

201.23.76.18:443

180.178.109.222:443

202.131.227.229:443

163.53.83.117:443

45.235.5.162:443

185.189.55.207:449

103.36.48.159:449

168.253.208.234:449

41.60.233.170:449

170.79.181.188:449

Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64

Targets

    • Target

      088d508c5f4509185682108b422dcce6d1ca6ce82258f1340ab4e330da067b22

    • Size

      532KB

    • MD5

      2939f396d5b175b2e1f28b05c09e812b

    • SHA1

      d040e2a1d29f0b37a5e888d2402432d78440cb54

    • SHA256

      088d508c5f4509185682108b422dcce6d1ca6ce82258f1340ab4e330da067b22

    • SHA512

      ac18886ead5c6e9476e36c0af5bf0a7a9837d8cb9f8fa12fa40c77492c2bdce6cfa33d074d45ca46658a9895fb4dce19824af578431915a696449cd5f3b0eb94

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks