Overview

overview

10

Static

static

4ACA899FF6...32.exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ACA899FF680343889BD9E2D616F1132.exe

  • Size

    1.2MB

  • Sample

    220112-pgynsacea7

  • MD5

    4aca899ff680343889bd9e2d616f1132

  • SHA1

    a4d7806fb256d0f7d5acd272b81387d42d5ffda6

  • SHA256

    97aa05fceef261ee4ca00025a69280b8f9843ba6531a48ee543eed1f37af8c27

  • SHA512

    b482f61f27c489a47c9fa999cf9378a4e3ba7e096c987f9568fb62f7c47c97fc2425d4f99ac056575e775f72cac61cbf505ac14f13e0ff9f3178d9edee69190a

Score
10/10
trickbotmor1bankerpersistencetrojan

Malware Config

Extracted

Family

trickbot

Version

2000022

Botnet

mor1

C2

85.204.116.83:443

91.200.100.143:443

83.151.14.13:443

107.191.61.39:443

113.160.129.15:443

139.162.182.54:443

139.162.44.152:443

144.202.106.23:443

158.247.219.186:443

172.105.107.25:443

172.105.190.51:443

172.105.196.53:443

172.105.25.190:443

178.79.138.253:443

192.46.229.48:443

207.246.92.48:443

216.128.130.16:443

45.79.126.97:443

45.79.155.9:443

45.79.212.97:443
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      4ACA899FF680343889BD9E2D616F1132.exe

    • Size

      1.2MB

    • MD5

      4aca899ff680343889bd9e2d616f1132

    • SHA1

      a4d7806fb256d0f7d5acd272b81387d42d5ffda6

    • SHA256

      97aa05fceef261ee4ca00025a69280b8f9843ba6531a48ee543eed1f37af8c27

    • SHA512

      b482f61f27c489a47c9fa999cf9378a4e3ba7e096c987f9568fb62f7c47c97fc2425d4f99ac056575e775f72cac61cbf505ac14f13e0ff9f3178d9edee69190a

    Score
    10/10
    trickbotmor1bankerpersistencetrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks