General

  • Target

    ac2af58ce1d8b530239c8079f6feebff0b0965cbe833d97d4b78980381cebe2a

  • Size

    264KB

  • Sample

    220205-nkqa5sbahq

  • MD5

    aa9ec42319f41de72f5a7cbd3d3a4422

  • SHA1

    4153acdba20a4a71ccdd45cab2e79e7bfb1fa494

  • SHA256

    ac2af58ce1d8b530239c8079f6feebff0b0965cbe833d97d4b78980381cebe2a

  • SHA512

    b54dfce4a6a91d166dd7e429f4af4505d13a37d8780854fb70b61bd9d851cc558f83fd307ddc74747909aa32d99ec4938e81f479bb7f80f6bc4f0b309ede5be8

Malware Config

Extracted

Family

trickbot

Version

1000508

Botnet

ono41

C2

164.132.255.19:443

188.119.113.114:443

176.119.159.147:443

51.254.164.243:443

178.156.202.251:443

185.234.72.24:443

194.5.250.52:443

217.12.209.244:443

185.99.2.123:443

185.198.57.75:443

93.189.42.81:443

148.251.185.186:443

79.137.101.2:443

51.89.115.121:443

91.200.100.84:443

194.5.250.69:443

185.14.30.45:443

185.99.2.142:443

107.175.133.162:443

5.196.247.14:443

Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64

Targets

    • Target

      ac2af58ce1d8b530239c8079f6feebff0b0965cbe833d97d4b78980381cebe2a

    • Size

      264KB

    • MD5

      aa9ec42319f41de72f5a7cbd3d3a4422

    • SHA1

      4153acdba20a4a71ccdd45cab2e79e7bfb1fa494

    • SHA256

      ac2af58ce1d8b530239c8079f6feebff0b0965cbe833d97d4b78980381cebe2a

    • SHA512

      b54dfce4a6a91d166dd7e429f4af4505d13a37d8780854fb70b61bd9d851cc558f83fd307ddc74747909aa32d99ec4938e81f479bb7f80f6bc4f0b309ede5be8

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Dave packer

      Detects executables built with the packer the community has named 'Dave', based on a string at the end of the file.

MITRE ATT&CK Enterprise v6

Tasks