trickbot

General

Target

da4f8f4c23b8001b39cbaa73365e74ac7c645dc1f3012c75a087f11f3ab1a4c6
Size

264KB
Sample

220524-2yrm1seghm
MD5

a37cf076cc73148bf5a269d3a56851c9
SHA1

3382ca6f23f49f58555b045de72dca076f90b9f9
SHA256

da4f8f4c23b8001b39cbaa73365e74ac7c645dc1f3012c75a087f11f3ab1a4c6
SHA512

1b38c62656179233168a1f3a3a5ea4baeb0467822b9b1aa5529e222fc0e8458cb653de6aa119c9191b88b1f4349404c1cd950b2909327c0572d40e1b3ac912b9

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000512

Botnet

chil77

C2

95.171.16.42:443

185.90.61.9:443

5.1.81.68:443

185.99.2.65:443

134.119.191.11:443

85.204.116.100:443

78.108.216.47:443

51.81.112.144:443

194.5.250.121:443

185.14.31.104:443

185.99.2.66:443

107.175.72.141:443

192.3.247.123:443

134.119.191.21:443

85.204.116.216:443

91.235.129.20:443

181.129.104.139:449

181.112.157.42:449

181.129.134.18:449

131.161.253.190:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  da4f8f4c23b8001b39cbaa73365e74ac7c645dc1f3012c75a087f11f3ab1a4c6
- Size
  
  264KB
- MD5
  
  a37cf076cc73148bf5a269d3a56851c9
- SHA1
  
  3382ca6f23f49f58555b045de72dca076f90b9f9
- SHA256
  
  da4f8f4c23b8001b39cbaa73365e74ac7c645dc1f3012c75a087f11f3ab1a4c6
- SHA512
  
  1b38c62656179233168a1f3a3a5ea4baeb0467822b9b1aa5529e222fc0e8458cb653de6aa119c9191b88b1f4349404c1cd950b2909327c0572d40e1b3ac912b9
Score

10^/10

trickbot chil77 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Templ.dll packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2