Overview

overview

10

Static

static

989109101e...34.exe

windows7_x64

10

989109101e...34.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    989109101e065aaa1e86b67a3f4629229047ce2c5bf39da53f775e54ee888534

  • Size

    977KB

  • Sample

    220128-w2sftsadak

  • MD5

    224e89cd4b5c4f8fdf2cff1c4dfe42e2

  • SHA1

    c7371ce37c57a8725ddf4d551ecdbae8b097e638

  • SHA256

    989109101e065aaa1e86b67a3f4629229047ce2c5bf39da53f775e54ee888534

  • SHA512

    36e5d09662a70dd123d02af8124376aaf4c91cc58b7bd9b1f0b5e3c9cc4ba25965ccc906264efe518593f76476a6828531dd911dfa80b631d80cc9b6af8c39bc

Score
10/10
trickbottrgeu1bankertrojan

Malware Config

Extracted

Family

trickbot

Version

1000475

Botnet

trgeu1

C2

45.80.148.30:443

194.5.250.83:443

185.222.202.223:443

66.55.71.11:443

94.156.144.3:443

185.244.150.142:443

194.5.250.82:443

31.184.253.37:443

109.234.34.135:443

45.66.11.116:443

185.222.202.222:443

46.30.41.229:443

45.142.213.58:443

190.154.203.218:449

189.80.134.122:449

200.116.199.10:449

181.113.20.186:449

187.58.56.26:449

85.11.116.194:449

177.103.240.149:449
Attributes
  • autorun
    Control:GetSystemInfo
    Name:systeminfo
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      989109101e065aaa1e86b67a3f4629229047ce2c5bf39da53f775e54ee888534

    • Size

      977KB

    • MD5

      224e89cd4b5c4f8fdf2cff1c4dfe42e2

    • SHA1

      c7371ce37c57a8725ddf4d551ecdbae8b097e638

    • SHA256

      989109101e065aaa1e86b67a3f4629229047ce2c5bf39da53f775e54ee888534

    • SHA512

      36e5d09662a70dd123d02af8124376aaf4c91cc58b7bd9b1f0b5e3c9cc4ba25965ccc906264efe518593f76476a6828531dd911dfa80b631d80cc9b6af8c39bc

    Score
    10/10
    trickbottrgeu1bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks