trickbot

General

Target

27f978a9_by_Libranalysis
Size

379KB
Sample

210505-21hbhd51gj
MD5

27f978a90821e4611db3df3bad20422c
SHA1

e5e1628af99fb0910c4a6472cebed206f912ad83
SHA256

ff346eb1554302fcd09400c13922847aa2d653c9a8280569df47d8a1d7829fc3
SHA512

c50331be34c0db5c678b8f79d1666e6e4f0636f08e71037e151be484c2279c283940d80859c7e99900d3dd0e1a8ba4fb1bdc4619b91c8c334521b50b9a636bea

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000480

Botnet

ono23

C2

144.91.79.9:443

172.245.97.148:443

85.204.116.139:443

185.62.188.117:443

185.222.202.76:443

144.91.79.12:443

185.68.93.43:443

195.123.238.191:443

146.185.219.29:443

195.133.196.151:443

91.235.129.60:443

23.227.206.170:443

185.222.202.192:443

190.154.203.218:449

178.183.150.169:449

200.116.199.10:449

187.58.56.26:449

177.103.240.149:449

81.190.160.139:449

200.21.51.38:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  5271f69c2c7ba291d588b7dcc371f72a117c0a7f3c2fe86676d6d2a8822e529c.exe
- Size
  
  534KB
- MD5
  
  ba820cf3ca3957bd6401fc39b8d692b9
- SHA1
  
  1a66dc68510e10ce83ce0c938c185bf67cf0eb44
- SHA256
  
  5271f69c2c7ba291d588b7dcc371f72a117c0a7f3c2fe86676d6d2a8822e529c
- SHA512
  
  e2c65fabf128bf9c80e0a483020349065b4e55fc05741dcc41e51fcb78fc808306946d9b53dfa357cde3593ad2dfdad57891a27c6a95ffc5e1fe6213b7c8ff65
Score

10^/10

trickbot ono23 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2