General

  • Target

    26d61225f07e39d9e35880631c5043626eb8e3846a526a44015d3a5d03642d55

  • Size

    604KB

  • Sample

    220201-mrzbysdbaj

  • MD5

    b84454eadd276ae3699d42906c920c39

  • SHA1

    50fc1b7b3116bd5f7ae9a2ab7475e7086543f6e1

  • SHA256

    26d61225f07e39d9e35880631c5043626eb8e3846a526a44015d3a5d03642d55

  • SHA512

    a7450bb0c21ed7d80f70a731793f7a58470e42886fb75916803d7323cba16145c65490a81d95747f8abf5a6d5ea76c93b81c85a641f50b614a4a307f8eac7a51

Malware Config

Extracted

Family

trickbot

Version

1000499

Botnet

jim679

C2

Attributes
  • autorun
    Name: pwgrab
ecc_pubkey.base64

Targets

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.
