Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6f9dcf34b900c9a712e4d0fd6ec05347654a95ed662a1c6cd7628b00805c0223

  • Size

    1.8MB

  • Sample

    211207-p6934scbf8

  • MD5

    7a5d7f3b659224502ee69c4ab2a8f5c3

  • SHA1

    18c807363fa2ac1508df8340f41ce278cf854e19

  • SHA256

    6f9dcf34b900c9a712e4d0fd6ec05347654a95ed662a1c6cd7628b00805c0223

  • SHA512

    3495a11daf4c4dee651e0a891980f8e48a8d4c4d33049139e23e6b0e7ebb7bdc87fba805b8b6d7001fad1704282f483464bd2e5668fb036106706250392d6dba

Score
10/10
trickbotrob141bankertrojan

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

rob141

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      6f9dcf34b900c9a712e4d0fd6ec05347654a95ed662a1c6cd7628b00805c0223

    • Size

      1.8MB

    • MD5

      7a5d7f3b659224502ee69c4ab2a8f5c3

    • SHA1

      18c807363fa2ac1508df8340f41ce278cf854e19

    • SHA256

      6f9dcf34b900c9a712e4d0fd6ec05347654a95ed662a1c6cd7628b00805c0223

    • SHA512

      3495a11daf4c4dee651e0a891980f8e48a8d4c4d33049139e23e6b0e7ebb7bdc87fba805b8b6d7001fad1704282f483464bd2e5668fb036106706250392d6dba

    Score
    10/10
    trickbotrob141bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Matrix

Tasks