trickbot | 14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236 | Triage

Submit
Reports

Overview

overview

Static

static

14bf422be5...36.exe

windows7_x64

14bf422be5...36.exe

windows10-2004_x64

Sharing

General

Target

14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236
Size

838KB
Sample

220602-xeyj1adgbj
MD5

c73b681fd96c7b0d8161db0ec6f821a3
SHA1

f29151ef218a47c57dabfa7adc8be3879fd1f9c9
SHA256

14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236
SHA512

b1736aaa38ca59aa17a443e5b180bf1e758d18b37798e54e116e45fc6a6fd86d3575548b4288d4381f1a8606a7909b44e1581f0aacf5e81c684cf98fb38139b4

Score

10^/10

trickbot trgt98888 banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236.exe

Resource

win7-20220414-en

trickbot trgt98888 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236.exe

Resource

win10v2004-20220414-en

trickbot trgt98888 banker trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

trickbot

Version

1000479

Botnet

trgt98888

C2

192.3.104.46:443

23.94.233.210:443

172.82.152.126:443

192.3.247.11:443

202.29.215.114:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236
- Size
  
  838KB
- MD5
  
  c73b681fd96c7b0d8161db0ec6f821a3
- SHA1
  
  f29151ef218a47c57dabfa7adc8be3879fd1f9c9
- SHA256
  
  14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236
- SHA512
  
  b1736aaa38ca59aa17a443e5b180bf1e758d18b37798e54e116e45fc6a6fd86d3575548b4288d4381f1a8606a7909b44e1581f0aacf5e81c684cf98fb38139b4
Score

10^/10

trickbot trgt98888 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trickbottrgt98888bankertrojan

behavioral2

trickbottrgt98888bankertrojan

© 2018-2024

Terms | Privacy