trickbot | a5dbee433d7d11dfff76b54e00c1879f969787f9b760908add1f89946381165e | Triage

Sharing

General

Target

a5dbee433d7d11dfff76b54e00c1879f969787f9b760908add1f89946381165e
Size

785KB
Sample

220128-wbl65ahha6
MD5

6ea7faecac6158738d49f2d838981251
SHA1

e7a26ef19640e1856438d73c2fd5814b90036fe4
SHA256

a5dbee433d7d11dfff76b54e00c1879f969787f9b760908add1f89946381165e
SHA512

84491b95cd6e7c8241093a5db04497775dff8cd9cfd4986d9457cefa48276921bfccd48fae58c7d3ef8bdd68f76b664a43d01bb4dca81bea2ca1a3aeb87f2921

Score

10^/10

trickbot trgt5688 banker trojan

Malware Config

Extracted

Family

trickbot

Version

1000480

Botnet

trgt5688

C2

192.3.104.46:443

23.94.233.210:443

172.82.152.126:443

192.3.247.11:443

202.29.215.114:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  a5dbee433d7d11dfff76b54e00c1879f969787f9b760908add1f89946381165e
- Size
  
  785KB
- MD5
  
  6ea7faecac6158738d49f2d838981251
- SHA1
  
  e7a26ef19640e1856438d73c2fd5814b90036fe4
- SHA256
  
  a5dbee433d7d11dfff76b54e00c1879f969787f9b760908add1f89946381165e
- SHA512
  
  84491b95cd6e7c8241093a5db04497775dff8cd9cfd4986d9457cefa48276921bfccd48fae58c7d3ef8bdd68f76b664a43d01bb4dca81bea2ca1a3aeb87f2921
Score

10^/10

trickbot trgt5688 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trickbottrgt5688bankertrojan

behavioral2