trickbot

Resubmissions

19-08-2021 15:32

210819-m2ynmcjlss 10

27-07-2021 09:15

210727-ldxh9zwtks 10

Sharing

Copy URL

Twitter E-mail

General

Target

959401845a0e916f9478c5858cf9531f2af3114bd4306d11b8e291cb1a6dd7e4
Size

355KB
Sample

210727-ldxh9zwtks
MD5

2c44c5d73e41faa18291e4e6cfe28018
SHA1

d2f716026a1c3cada8f047fb8481bc87b504443a
SHA256

959401845a0e916f9478c5858cf9531f2af3114bd4306d11b8e291cb1a6dd7e4
SHA512

372fc2a73d413aef039d657190ff5e8dd2934078cd4b24a2220939707037ac3ad174aead86d92315161f13682affd28b8daf24aa86ca0bd1e89170ddafffdeba

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100018

Botnet

lib102

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  959401845a0e916f9478c5858cf9531f2af3114bd4306d11b8e291cb1a6dd7e4
- Size
  
  355KB
- MD5
  
  2c44c5d73e41faa18291e4e6cfe28018
- SHA1
  
  d2f716026a1c3cada8f047fb8481bc87b504443a
- SHA256
  
  959401845a0e916f9478c5858cf9531f2af3114bd4306d11b8e291cb1a6dd7e4
- SHA512
  
  372fc2a73d413aef039d657190ff5e8dd2934078cd4b24a2220939707037ac3ad174aead86d92315161f13682affd28b8daf24aa86ca0bd1e89170ddafffdeba
Score

10^/10

trickbot lib102 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2