trickbot

Resubmissions

27-05-2021 15:09

210527-787xtyy7jn 10

27-05-2021 14:23

210527-mslhnm544x 10

Sharing

Copy URL

Twitter E-mail

General

Target

MoaJqus.bin
Size

450KB
Sample

210527-mslhnm544x
MD5

8b27e610e9793a628e069cdda466e097
SHA1

1d428bc0eb2b51afa9e698feefa0f5620609c4a3
SHA256

a0a22b08f16c8861542b9c36ccfe927b55ae643bd9d3864b3517a0f23cf68d7c
SHA512

8795a90b36c9973000b79f9b980750f0db13f929d522d7ac9cf8162a71e0fe3724705276a3b323ddeb697cfb3196e6b00af65cd2756eb6cda92f65b43095165c

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000030

Botnet

rob91

196.43.106.38:443

186.97.172.178:443

37.228.70.134:443

144.48.139.206:443

190.110.179.139:443

172.105.15.152:443

177.67.137.111:443

27.72.107.215:443

186.66.15.10:443

189.206.78.155:443

202.131.227.229:443

185.9.187.10:443

196.41.57.46:443

212.200.25.118:443

197.254.14.238:443

45.229.71.211:443

181.167.217.53:443

181.129.116.58:443

185.189.55.207:443

172.104.241.29:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  MoaJqus.bin
- Size
  
  450KB
- MD5
  
  8b27e610e9793a628e069cdda466e097
- SHA1
  
  1d428bc0eb2b51afa9e698feefa0f5620609c4a3
- SHA256
  
  a0a22b08f16c8861542b9c36ccfe927b55ae643bd9d3864b3517a0f23cf68d7c
- SHA512
  
  8795a90b36c9973000b79f9b980750f0db13f929d522d7ac9cf8162a71e0fe3724705276a3b323ddeb697cfb3196e6b00af65cd2756eb6cda92f65b43095165c
Score

10^/10

trickbot rob91 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Templ.dll packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2