trickbot | 65234c8a08c9a5e2e81af11e4be56eaee3ec00c9063069ab9d97770d6f31ba6b | Triage

Sharing

General

Target

subzero.png.dll
Size

706KB
Sample

211021-sxrf7aaeb3
MD5

a3e7540eaef734b4f74c23bfda1023a0
SHA1

377859b3d44cd40f21fb20b682169b447c0e8fb2
SHA256

65234c8a08c9a5e2e81af11e4be56eaee3ec00c9063069ab9d97770d6f31ba6b
SHA512

84e0aea7b15608d59401c3124c82bc599a629e6d4f95b75c58d8bb204071acc2c40160ca5a3a50553c2c472401fb51513530e7f28fbb5531321216577c1657b3

Score

10^/10

trickbot rob136 banker trojan

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

rob136

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  subzero.png.dll
- Size
  
  706KB
- MD5
  
  a3e7540eaef734b4f74c23bfda1023a0
- SHA1
  
  377859b3d44cd40f21fb20b682169b447c0e8fb2
- SHA256
  
  65234c8a08c9a5e2e81af11e4be56eaee3ec00c9063069ab9d97770d6f31ba6b
- SHA512
  
  84e0aea7b15608d59401c3124c82bc599a629e6d4f95b75c58d8bb204071acc2c40160ca5a3a50553c2c472401fb51513530e7f28fbb5531321216577c1657b3
Score

10^/10

trickbot rob136 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotrob136bankertrojan

behavioral2

trickbotrob136bankertrojan