trickbot | e98ca956f4f94b5c8b063327a1fe27fb804bc2e52190a68c577490c3192ae663

General

Target

4b535dbe595f89c3bcaa4f43cc1323a3.virus
Size

133KB
Sample

211112-wmz75aahhk
MD5

4b535dbe595f89c3bcaa4f43cc1323a3
SHA1

4162c873be81f5aac6ca0a1ed7f84bfe86ec4262
SHA256

e98ca956f4f94b5c8b063327a1fe27fb804bc2e52190a68c577490c3192ae663
SHA512

1959b757094e83d24041f3c8e1f993e0df428d87f54a3e8e8dfb0b76922a39027cfc1f1203a91c4c36836c81de94cb870aea33ae8ae4bf8864e93374934ea66d

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

soc1

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  4b535dbe595f89c3bcaa4f43cc1323a3.virus
- Size
  
  133KB
- MD5
  
  4b535dbe595f89c3bcaa4f43cc1323a3
- SHA1
  
  4162c873be81f5aac6ca0a1ed7f84bfe86ec4262
- SHA256
  
  e98ca956f4f94b5c8b063327a1fe27fb804bc2e52190a68c577490c3192ae663
- SHA512
  
  1959b757094e83d24041f3c8e1f993e0df428d87f54a3e8e8dfb0b76922a39027cfc1f1203a91c4c36836c81de94cb870aea33ae8ae4bf8864e93374934ea66d
Score

10^/10

suricata
- suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
  suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
  suricata
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

Looks up external IP address via web service

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2