Description
This typically indicates the parent process was compromised via an exploit or macro.
RNP-00152.xlsm
87KB
211021-sk6eksbdaj
7ac2366ab4515b9f37be3187deea9bc0
c4cee812f0fb97c510e149a28c1a55b6c5da2c9e
0b149fc1f48da1d2c02d778be120427483403cd7519fc7f69e741288b120cb9d
db221383ef594bb4b2be2fac9a33f465dac8cdaaf4aafa8b376e57ef5ab337c596379100972c9809d79a5ad8293b2a1294308a23b0ee22512aa474f8d0e7fe7e
Family | trickbot |
Version | 100019 |
Botnet | rob136 |
C2 |
Attributes |
autorun Name:pwgrabb Name:pwgrabc |
ecc_pubkey.base64 |
Developed in 2016, TrickBot is one of the more recent banking Trojans.