Overview

overview

10

Static

static

5cd5117a6e...f0.dll

windows7_x64

10

5cd5117a6e...f0.dll

windows10_x64

10

Resubmissions

23-09-2021 14:52

210923-r89apsega9 10

16-09-2021 02:31

210916-cz3z1abhc4 1

16-09-2021 02:30

210916-czcstabhb9 1

16-09-2021 02:27

210916-cxvwlsbhb6 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5cd5117a6e5ce9208897678ed6c44bf821f02326b01386589e56e0adbe0581f0.dll

  • Size

    424KB

  • Sample

    210923-r89apsega9

  • MD5

    ae5a227472b36642f4325c2fd4f884f5

  • SHA1

    7efc236d4804073a99337a7833b9536c358c49bc

  • SHA256

    5cd5117a6e5ce9208897678ed6c44bf821f02326b01386589e56e0adbe0581f0

  • SHA512

    dbb2f38f14785e8e27d5e7e313bf8f8a9812f8cb2bf0aeed3a3fd8f76f246aa8f8a5c4a17c4fb7c48f97dddcd883b9b3a31ee96b6b18bb310db3fb6cab5f3d2a

Score
10/10
trickbotzem1bankertrojan

Malware Config

Extracted

Family

trickbot

Version

2000034

Botnet

zem1

C2

103.36.126.221:443

84.236.171.231:443

14.102.72.204:443

176.100.4.31:443

165.73.90.187:443

103.23.237.6:443

122.117.90.133:443

103.61.100.252:443

36.95.110.19:443

103.65.193.144:443

117.220.229.162:443

103.113.105.126:443

14.102.46.9:443

139.255.199.196:443

157.119.215.186:443

151.106.48.226:443

36.91.36.29:443

117.196.235.194:443

14.102.188.227:443

103.75.32.38:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      5cd5117a6e5ce9208897678ed6c44bf821f02326b01386589e56e0adbe0581f0.dll

    • Size

      424KB

    • MD5

      ae5a227472b36642f4325c2fd4f884f5

    • SHA1

      7efc236d4804073a99337a7833b9536c358c49bc

    • SHA256

      5cd5117a6e5ce9208897678ed6c44bf821f02326b01386589e56e0adbe0581f0

    • SHA512

      dbb2f38f14785e8e27d5e7e313bf8f8a9812f8cb2bf0aeed3a3fd8f76f246aa8f8a5c4a17c4fb7c48f97dddcd883b9b3a31ee96b6b18bb310db3fb6cab5f3d2a

    Score
    10/10
    trickbotzem1bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks