trickbot | 0b7684b8bcb73d9f427c4e223c1485f4fe314050172676f13750b306821258f7

Analysis

max time kernel
70s
max time network
50s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-05-2022 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b7684b8bcb73d9f427c4e223c1485f4fe314050172676f13750b306821258f7.exe
Size

509KB
MD5

571f963de20e09432c8b04ac7bf20199
SHA1

95644ce6a0b14a3673f216740b230a497e5a5387
SHA256

0b7684b8bcb73d9f427c4e223c1485f4fe314050172676f13750b306821258f7
SHA512

4873312e12dc059d9e827e23474d1bf776a32d48821ef0286660e003469831f3edb7dcdb46d092209958e88cd71261db85ef91af885b738ae78218f97a2a5658

Score

10^/10

trickbot sat19 banker trojan

Malware Config

Extracted

Family

trickbot

Version

1000231

Botnet

sat19

138.34.32.218:443

178.78.202.189:443

85.9.212.117:443

93.109.242.134:443

103.210.30.201:443

158.58.131.54:443

87.117.146.63:443

118.200.151.113:443

89.117.107.13:443

109.86.227.152:443

200.2.126.98:443

31.29.62.112:443

83.167.164.81:443

194.68.23.182:443

182.253.210.130:449

77.89.86.93:443

70.79.178.120:449

68.109.83.22:443

185.129.193.221:443

184.68.167.42:443

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll

ecc_pubkey.base64

Signatures

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 1 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes:

resource	yara_rule
behavioral1/memory/1892-54-0x0000000010000000-0x0000000010040000-memory.dmp	trickbot_loader32

C:\Users\Admin\AppData\Local\Temp\0b7684b8bcb73d9f427c4e223c1485f4fe314050172676f13750b306821258f7.exe
"C:\Users\Admin\AppData\Local\Temp\0b7684b8bcb73d9f427c4e223c1485f4fe314050172676f13750b306821258f7.exe"
1⤵
PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1892-54-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download