General

  • Target

    8b17cccbbd04e3e1490ba17a84db900a8cfa32ef67f2f6b333eaa088f81aed04

  • Size

    364KB

  • Sample

    220205-qeezbsbfb5

  • MD5

    f6e2f34344a24a60de5aa89ca7fab625

  • SHA1

    53c3af37ed3f3626ac5b64c39c9ef33e1ea43197

  • SHA256

    8b17cccbbd04e3e1490ba17a84db900a8cfa32ef67f2f6b333eaa088f81aed04

  • SHA512

    f5e18252e3412bef94bea6c335ca2202e6317e5e4d8a2caaf2ca2feca900d84e9eefbcecaa4aef1ba074f3dca5685c943c1eeb4fb883fa669da41adeeeefdd69

Malware Config

Extracted

Family

trickbot

Version

1000507

Botnet

ono38

C2

Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Dave packer

      Detects executable using a packer named 'Dave' by the community, based on a string at the end.
