trickbot

Resubmissions

11-06-2021 06:43

210611-ghq6ysb75j 10

10-06-2021 19:21

210610-vfygj4t1yn 10

Sharing

Copy URL

Twitter E-mail

General

Target

20210610_id068aa.dll
Size

460KB
Sample

210610-vfygj4t1yn
MD5

d79ab901b334ecfec1320778fdd507c5
SHA1

1c273f4e329c5527625a75fcb9488522e9c555e0
SHA256

87402c2ee3595cd862dbb82648aa9ebf17d41ceb05f912e50493d9ba96acb9a4
SHA512

7505d65c9b81752a13dc1df1e0226173deb5e7caf22fb1a3a3131770c5853667c1989a4f3acb8e5035575ee77fa342ee855e277f639a700e5210424908f6c267

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100017

Botnet

mon311

178.72.192.20:443

103.124.145.98:443

45.5.152.39:443

114.7.240.222:443

85.248.1.126:443

94.183.237.101:443

146.196.121.219:443

89.37.1.2:443

94.142.179.77:443

177.221.39.161:443

85.175.171.246:443

103.12.160.164:443

180.178.106.50:443

94.142.179.179:443

46.209.140.220:443

123.231.149.122:443

123.231.149.123:443

182.160.116.190:443

131.0.112.122:443

116.0.6.110:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  20210610_id068aa.dll
- Size
  
  460KB
- MD5
  
  d79ab901b334ecfec1320778fdd507c5
- SHA1
  
  1c273f4e329c5527625a75fcb9488522e9c555e0
- SHA256
  
  87402c2ee3595cd862dbb82648aa9ebf17d41ceb05f912e50493d9ba96acb9a4
- SHA512
  
  7505d65c9b81752a13dc1df1e0226173deb5e7caf22fb1a3a3131770c5853667c1989a4f3acb8e5035575ee77fa342ee855e277f639a700e5210424908f6c267
Score

10^/10

trickbot mon311 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2