trickbot

General

Target

dop12
Size

424KB
Sample

210915-s7gdzaeaan
MD5

31abfa41fa7ee1a3f49f53017e241312
SHA1

5a941a881d2cdadf2463555185a8ef1632b38b2a
SHA256

8257670ce02db5845c976e2793008242119c3414a772b369f3fa63da3201adce
SHA512

7dc46bb0f0af8a3584f8a0b3fd4e3504b53dae5ce317b3f8a2f54da0deac3cb95022b1b83075dec72bd3bfea0ae87d46d807d3ba5a8d06f2f1bdd497b0de50bd

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000034

Botnet

zem1

C2

103.36.126.221:443

84.236.171.231:443

14.102.72.204:443

176.100.4.31:443

165.73.90.187:443

103.23.237.6:443

122.117.90.133:443

103.61.100.252:443

36.95.110.19:443

103.65.193.144:443

117.220.229.162:443

103.113.105.126:443

14.102.46.9:443

139.255.199.196:443

157.119.215.186:443

151.106.48.226:443

36.91.36.29:443

117.196.235.194:443

14.102.188.227:443

103.75.32.38:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  dop12
- Size
  
  424KB
- MD5
  
  31abfa41fa7ee1a3f49f53017e241312
- SHA1
  
  5a941a881d2cdadf2463555185a8ef1632b38b2a
- SHA256
  
  8257670ce02db5845c976e2793008242119c3414a772b369f3fa63da3201adce
- SHA512
  
  7dc46bb0f0af8a3584f8a0b3fd4e3504b53dae5ce317b3f8a2f54da0deac3cb95022b1b83075dec72bd3bfea0ae87d46d807d3ba5a8d06f2f1bdd497b0de50bd
Score

10^/10

trickbot zem1 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2