trickbot

General

Target

99481ff0_by_Libranalysis
Size

369KB
Sample

210505-g7nxbst632
MD5

99481ff0ba0d3471d7034b33ce448c0d
SHA1

a0bbda6bf35cc4f94a12cd6e5fd7aab1e5192cad
SHA256

78492ec9943ac8222caada24e96673faf9d82afaca74ff7b05b4d02673b6bb77
SHA512

82f2437fc3f05314f4f34337e4456c28175bda25ff17ab607b74b4fb1ef750f5a6978df7785607d7e4d679e7b3fff5b2cc3aa25ca1eb98bbdbcd1cdbf38a118d

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000480

Botnet

ono23

C2

144.91.79.9:443

172.245.97.148:443

85.204.116.139:443

185.62.188.117:443

185.222.202.76:443

144.91.79.12:443

185.68.93.43:443

195.123.238.191:443

146.185.219.29:443

195.133.196.151:443

91.235.129.60:443

23.227.206.170:443

185.222.202.192:443

190.154.203.218:449

178.183.150.169:449

200.116.199.10:449

187.58.56.26:449

177.103.240.149:449

81.190.160.139:449

200.21.51.38:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  e9c98bff81ba5138f040cef7acbcb56f0f80abcf41ecf4893d4700e308f6427a.exe
- Size
  
  520KB
- MD5
  
  5f0e0f1511af373e889e1b5d479aa3e7
- SHA1
  
  abd62078830a775b96d2818678284636c4541370
- SHA256
  
  e9c98bff81ba5138f040cef7acbcb56f0f80abcf41ecf4893d4700e308f6427a
- SHA512
  
  64d8b9b9148e0bac0d7acb6f997b00c09deea50d5c1f0b42c958fa3a7c6d554bc26caeedcf8da4c98e35e3928755b6973c14f488d81f55858cd1ad95bf979158
Score

10^/10

trickbot ono23 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2