trickbot

General

Target

deExCurr.jpg
Size

476KB
Sample

210915-rh7n7aagf3
MD5

4bd0fc62839634ee821bde097f46029d
SHA1

f893b444beeb34b00e3051af15709ca74e400fd9
SHA256

d3cf9bb5e187a709098886375712e646d071d1d395c09761fd4c123d027a1de2
SHA512

350895968eb2a956c4e74f67a85ad3dce5da463c8468d6356d0091de024e69aa3271d7bd9ba2e2adb5d1976063d274e1d17bf0ee33683bff093e6d5c0463e973

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000033

Botnet

zev4

C2

179.42.137.102:443

191.36.152.198:443

179.42.137.104:443

179.42.137.106:443

179.42.137.108:443

202.183.12.124:443

194.190.18.122:443

103.56.207.230:443

171.103.187.218:449

171.103.189.118:449

18.139.111.104:443

179.42.137.105:443

186.4.193.75:443

171.101.229.2:449

179.42.137.107:443

103.56.43.209:449

179.42.137.110:443

45.181.207.156:443

197.44.54.162:449

179.42.137.109:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  deExCurr.jpg
- Size
  
  476KB
- MD5
  
  4bd0fc62839634ee821bde097f46029d
- SHA1
  
  f893b444beeb34b00e3051af15709ca74e400fd9
- SHA256
  
  d3cf9bb5e187a709098886375712e646d071d1d395c09761fd4c123d027a1de2
- SHA512
  
  350895968eb2a956c4e74f67a85ad3dce5da463c8468d6356d0091de024e69aa3271d7bd9ba2e2adb5d1976063d274e1d17bf0ee33683bff093e6d5c0463e973
Score

10^/10

trickbot zev4 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2