trickbot | 8d6e5a67290d22e5bb7e2beed6d83c67bb40455c3a2e27e802997aaa7f98760a | Triage

Sharing

General

Target

8d6e5a67290d22e5bb7e2beed6d83c67bb40455c3a2e27e802997aaa7f98760a
Size

783KB
Sample

220128-wm8jhaaca5
MD5

d6a5b2ae9da9601c52c4d430bdc4c15e
SHA1

d89480a4b11438499e962d525f9b9f8f940b217c
SHA256

8d6e5a67290d22e5bb7e2beed6d83c67bb40455c3a2e27e802997aaa7f98760a
SHA512

84f0436991e31568153ad83f0008b569f28fd1609560af4b9cff7003a8912efdee331e403d3e8eae76793d6da757cd9197f93c71111db9c19fb905b25a4fb9ba

Score

10^/10

trickbot trgt5688 banker trojan

Malware Config

Extracted

Family

trickbot

Version

1000480

Botnet

trgt5688

C2

192.3.104.46:443

23.94.233.210:443

172.82.152.126:443

192.3.247.11:443

202.29.215.114:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  8d6e5a67290d22e5bb7e2beed6d83c67bb40455c3a2e27e802997aaa7f98760a
- Size
  
  783KB
- MD5
  
  d6a5b2ae9da9601c52c4d430bdc4c15e
- SHA1
  
  d89480a4b11438499e962d525f9b9f8f940b217c
- SHA256
  
  8d6e5a67290d22e5bb7e2beed6d83c67bb40455c3a2e27e802997aaa7f98760a
- SHA512
  
  84f0436991e31568153ad83f0008b569f28fd1609560af4b9cff7003a8912efdee331e403d3e8eae76793d6da757cd9197f93c71111db9c19fb905b25a4fb9ba
Score

10^/10

trickbot trgt5688 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trickbottrgt5688bankertrojan

behavioral2