trickbot | a75d65360e93d601f64e323f50a3c249484e240e4027c2e74806e41ee24b5b35 | Triage

Sharing

General

Target

a75d65360e93d601f64e323f50a3c249484e240e4027c2e74806e41ee24b5b35
Size

767KB
Sample

220128-vyyyrshbdr
MD5

969aa847ffb68104078d84b5cc17e26c
SHA1

f840bdaa91e9cce452ab5c2cc0a016b9eff3bb13
SHA256

a75d65360e93d601f64e323f50a3c249484e240e4027c2e74806e41ee24b5b35
SHA512

7c44bda7d221b8b5bf7d9613c37e79ad85cbd56a37c2faf2bcf94124f76e600fe3196f8ee161e4f1a0e3226db2c2ebaba00610026feb4c657aebd0a808e51f6e

Score

10^/10

trickbot trgt5688 banker trojan

Malware Config

Extracted

Family

trickbot

Version

1000480

Botnet

trgt5688

C2

192.3.104.46:443

23.94.233.210:443

172.82.152.126:443

192.3.247.11:443

202.29.215.114:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  a75d65360e93d601f64e323f50a3c249484e240e4027c2e74806e41ee24b5b35
- Size
  
  767KB
- MD5
  
  969aa847ffb68104078d84b5cc17e26c
- SHA1
  
  f840bdaa91e9cce452ab5c2cc0a016b9eff3bb13
- SHA256
  
  a75d65360e93d601f64e323f50a3c249484e240e4027c2e74806e41ee24b5b35
- SHA512
  
  7c44bda7d221b8b5bf7d9613c37e79ad85cbd56a37c2faf2bcf94124f76e600fe3196f8ee161e4f1a0e3226db2c2ebaba00610026feb4c657aebd0a808e51f6e
Score

10^/10

trickbot trgt5688 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trickbottrgt5688bankertrojan

behavioral2

trickbottrgt5688bankertrojan