trickbot

General

Target

http___142.11.195.33_images_lovemetertok.png
Size

544KB
Sample

210722-36f6al77f2
MD5

48b86834eae4754427c9de930bd9ce90
SHA1

cdcd3bcb11ed490a9603808347455f52a1676ec8
SHA256

b161eb34e5513131f4b0a4c0318646ed3448122445d7924e03ff5822a6e2d2dd
SHA512

c34e653270810c17f8f9be8122d7ae075012bc5eab837ebc57d44df6bf2968e74227c00f7a97ffb6c348b6031ed9ed64d340eac075f6c8a2d475d100c21bb955

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100018

Botnet

rob109

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  http___142.11.195.33_images_lovemetertok.png
- Size
  
  544KB
- MD5
  
  48b86834eae4754427c9de930bd9ce90
- SHA1
  
  cdcd3bcb11ed490a9603808347455f52a1676ec8
- SHA256
  
  b161eb34e5513131f4b0a4c0318646ed3448122445d7924e03ff5822a6e2d2dd
- SHA512
  
  c34e653270810c17f8f9be8122d7ae075012bc5eab837ebc57d44df6bf2968e74227c00f7a97ffb6c348b6031ed9ed64d340eac075f6c8a2d475d100c21bb955
Score

10^/10

trickbot rob109 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2