1a5f3ca6597fcccd3295ead4d22ce70b

General
Target

1a5f3ca6597fcccd3295ead4d22ce70b

Size

540KB

Sample

210617-6hxwajevbs

Score
10 /10
MD5

1a5f3ca6597fcccd3295ead4d22ce70b

SHA1

31a359bfee00337bc9c6d23c2cb88737ac9b61c8

SHA256

7501da197ff9bcd49198dce9cf668442b3a04122d1034effb29d74e0a09529d7

SHA512

91e4f72900f10e39901cb4c3ca5f1d39d4f61501dc9b709ce03c55010606e341be5359252cc1d9a253a3f746af40321ca3a23a91d63dc69cd9b730110773b315

Malware Config

Extracted

Family trickbot
Version 2000030
Botnet tot112
C2

196.43.106.38:443

186.97.172.178:443

37.228.70.134:443

144.48.139.206:443

190.110.179.139:443

172.105.15.152:443

177.67.137.111:443

27.72.107.215:443

186.66.15.10:443

189.206.78.155:443

202.131.227.229:443

185.9.187.10:443

196.41.57.46:443

212.200.25.118:443

197.254.14.238:443

45.229.71.211:443

181.167.217.53:443

181.129.116.58:443

185.189.55.207:443

172.104.241.29:443

14.241.244.60:443

144.48.138.213:443

202.138.242.7:443

202.166.196.111:443

36.94.100.202:443

187.19.167.233:443

181.129.242.202:443

36.94.27.124:443

43.245.216.116:443

186.225.63.18:443

41.77.134.250:443

Attributes
autorun
Name: pwgrabb
Name: pwgrabc
ecc_pubkey.base64
Targets
Target

1a5f3ca6597fcccd3295ead4d22ce70b

MD5

1a5f3ca6597fcccd3295ead4d22ce70b

Filesize

540KB

Score
10 /10
SHA1

31a359bfee00337bc9c6d23c2cb88737ac9b61c8

SHA256

7501da197ff9bcd49198dce9cf668442b3a04122d1034effb29d74e0a09529d7

SHA512

91e4f72900f10e39901cb4c3ca5f1d39d4f61501dc9b709ce03c55010606e341be5359252cc1d9a253a3f746af40321ca3a23a91d63dc69cd9b730110773b315

Tags

Signatures

  • Trickbot

    Description

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    Tags

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10