Overview

overview

10

Static

static

81cb4e71e4...6b.exe

windows7_x64

10

81cb4e71e4...6b.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81cb4e71e4327b1969f30625661c6e027c8e33cfc04be4acd20cbe3a913c236b

  • Size

    798KB

  • Sample

    220128-wcqkyahehr

  • MD5

    f9432bae538f5cf24d0a417a539c62e4

  • SHA1

    e63abcd741809c81ad40fa6005f0fea7b9c045ea

  • SHA256

    81cb4e71e4327b1969f30625661c6e027c8e33cfc04be4acd20cbe3a913c236b

  • SHA512

    75e9652cea27e0959a9d159d6455ebebf37e5ba3c9c6f5709119611f706a6dfb984bc58cf26c91d57a2716920a5741d227e852c6fc902cfbaab3955e9a177c78

Score
10/10
trickbottrgt5688bankertrojan

Malware Config

Extracted

Family

trickbot

Version

1000480

Botnet

trgt5688

C2

192.3.104.46:443

23.94.233.210:443

172.82.152.126:443

192.3.247.11:443

202.29.215.114:449
Attributes
  • autorun
    Control:GetSystemInfo
    Name:systeminfo
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      81cb4e71e4327b1969f30625661c6e027c8e33cfc04be4acd20cbe3a913c236b

    • Size

      798KB

    • MD5

      f9432bae538f5cf24d0a417a539c62e4

    • SHA1

      e63abcd741809c81ad40fa6005f0fea7b9c045ea

    • SHA256

      81cb4e71e4327b1969f30625661c6e027c8e33cfc04be4acd20cbe3a913c236b

    • SHA512

      75e9652cea27e0959a9d159d6455ebebf37e5ba3c9c6f5709119611f706a6dfb984bc58cf26c91d57a2716920a5741d227e852c6fc902cfbaab3955e9a177c78

    Score
    10/10
    trickbottrgt5688bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks