Overview

overview

10

Static

static

adjure.07.15.2021.doc

windows7_x64

10

adjure.07.15.2021.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    adjure.07.15.2021.doc

  • Size

    87KB

  • Sample

    210716-y5akamy9xj

  • MD5

    a4e5382ad73aa72478e5264bc44c4167

  • SHA1

    9a3641ccc9bef7a17632070a21b9e2fa7af85fad

  • SHA256

    562e2dab4a855410150587c82ab64eac1e2230a0405b3e032c75451c5baf6a8a

  • SHA512

    914b42cd057ae27d1e65dc02f112b2ced21a5ac7ee79f0b096993b1967695e03ab492a78592a7ac5ff8ee7875661fe91f89b754f32fcc6710a94e67a4b029a5a

Score
10/10
trickbotzev1bankertrojan

Malware Config

Extracted

Family

trickbot

Version

2000031

Botnet

zev1

C2

14.232.161.45:443

118.173.233.64:443

41.57.156.203:443

45.239.234.2:443

45.201.136.3:443

177.10.90.29:443

185.17.105.236:443

91.237.161.87:443

185.189.55.207:443

186.225.119.170:443

143.0.208.20:443

222.124.16.74:443

220.82.64.198:443

200.236.218.62:443

178.216.28.59:443

45.239.233.131:443

196.216.59.174:443

119.202.8.249:443

82.159.149.37:443

49.248.217.170:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      adjure.07.15.2021.doc

    • Size

      87KB

    • MD5

      a4e5382ad73aa72478e5264bc44c4167

    • SHA1

      9a3641ccc9bef7a17632070a21b9e2fa7af85fad

    • SHA256

      562e2dab4a855410150587c82ab64eac1e2230a0405b3e032c75451c5baf6a8a

    • SHA512

      914b42cd057ae27d1e65dc02f112b2ced21a5ac7ee79f0b096993b1967695e03ab492a78592a7ac5ff8ee7875661fe91f89b754f32fcc6710a94e67a4b029a5a

    Score
    10/10
    trickbotzev1bankertrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks