Resubmissions

05-06-2022 07:22

220605-h7hlxsdbdp 10

17-10-2020 13:32

201017-dc9vb74zss 8

General

  • Target

    71412027c3b5c6b27d4d22b43dd073bca949af7b5731d7f44c2f9406801d13fe

  • Size

    508KB

  • Sample

    220605-h7hlxsdbdp

  • MD5

    ef267ca731b0a1ba54dec692a3be199f

  • SHA1

    04913b97d707bd6ad6008f004fcc82f8bcc9c720

  • SHA256

    e2a37fcb753fa41eb96311ec4017469ed6a7123171275b8b1812c28ac61bfff3

  • SHA512

    8e6fe551197fd52118683140a3c732584be30855a52b0904901a258f03e3a2a1d4b005a8aaa67c48845f167d64f7fcef119b3ccb6006538fafcdb5b5696c29aa

Malware Config

Extracted

Family

trickbot

Version

2000011

Botnet

ono82

C2

131.153.22.145:443

62.108.35.29:443

45.89.127.118:443

185.99.2.123:443

62.108.35.36:443

45.89.127.119:443

51.77.112.255:443

194.5.249.216:443

185.99.2.160:443

80.85.156.116:443

86.104.194.102:443

37.220.6.115:443

Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64

Targets

    • Target

      71412027c3b5c6b27d4d22b43dd073bca949af7b5731d7f44c2f9406801d13fe.doc

    • Size

      1.2MB

    • MD5

      a6e6fddbc42409c5a0a3dee8e84d6f2a

    • SHA1

      6e0a27833a3d429a98b887e575263b05f3665e61

    • SHA256

      71412027c3b5c6b27d4d22b43dd073bca949af7b5731d7f44c2f9406801d13fe

    • SHA512

      e560cf9b4b992c16beacb8d66418306364c5f8aef9279df15bf048f8d7740937d12185f98152f5e729cbc7c3c600fca97123f64ef48602b409d27ee6595a1c1a

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks