trickbot | e72af7daf7c5b00e68346f48edf9eb2db9bfeb1c4d2b5ceacc1da4755e4c18ea | Triage

Sharing

General

Target

e72af7daf7c5b00e68346f48edf9eb2db9bfeb1c4d2b5ceacc1da4755e4c18ea
Size

1.8MB
Sample

211207-p5hx8shcfn
MD5

9b3cfc8261b4b497f6d685c442d945b8
SHA1

1ef32b4acdf6dc283e900bc1a44e1a1332c8ad7c
SHA256

e72af7daf7c5b00e68346f48edf9eb2db9bfeb1c4d2b5ceacc1da4755e4c18ea
SHA512

fa27c0e0bf2ca41233b18c67ba6a5963cc920ccdaccdae670b98917c6731623e4befa177ff54a52c282e052ce17b798a6a4039ee0552d320002b6fc3a2e473db

Score

10^/10

trickbot rob141 banker suricata trojan

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

rob141

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  e72af7daf7c5b00e68346f48edf9eb2db9bfeb1c4d2b5ceacc1da4755e4c18ea
- Size
  
  1.8MB
- MD5
  
  9b3cfc8261b4b497f6d685c442d945b8
- SHA1
  
  1ef32b4acdf6dc283e900bc1a44e1a1332c8ad7c
- SHA256
  
  e72af7daf7c5b00e68346f48edf9eb2db9bfeb1c4d2b5ceacc1da4755e4c18ea
- SHA512
  
  fa27c0e0bf2ca41233b18c67ba6a5963cc920ccdaccdae670b98917c6731623e4befa177ff54a52c282e052ce17b798a6a4039ee0552d320002b6fc3a2e473db
Score

10^/10

trickbot rob141 banker suricata trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
  suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
  suricata
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotrob141bankersuricatatrojan