trickbot | 41b4e93a1dd1b49e123b1c4a81dc6be266c5fee5f33263bdb7e3ca9e1a7c4011 | Triage

Sharing

General

Target

mon94_cr.dll
Size

548KB
Sample

220611-vbnjhsgden
MD5

e2936c63d59cee0853f9d50fc857813c
SHA1

a2bfa5bcf49ad7ac0cce9cfad21cfa320f7063e7
SHA256

41b4e93a1dd1b49e123b1c4a81dc6be266c5fee5f33263bdb7e3ca9e1a7c4011
SHA512

7937e5737c74d4ab064a66a5848cc47ea28927ee080e8773b8e46bc8a2c689f453299b415d8d15bbf3a0d00369c81a355ecd23bea8651ca960c0f9ed75ef21cc

Score

10^/10

trickbot mon94 banker packer trojan

Malware Config

Extracted

Family

trickbot

Version

100013

Botnet

mon94

C2

103.225.138.94:449

122.2.28.70:449

123.200.26.246:449

131.255.106.152:449

142.112.79.223:449

154.126.176.30:449

180.92.238.186:449

187.20.217.129:449

201.20.118.122:449

202.91.41.138:449

95.210.118.90:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  mon94_cr.dll
- Size
  
  548KB
- MD5
  
  e2936c63d59cee0853f9d50fc857813c
- SHA1
  
  a2bfa5bcf49ad7ac0cce9cfad21cfa320f7063e7
- SHA256
  
  41b4e93a1dd1b49e123b1c4a81dc6be266c5fee5f33263bdb7e3ca9e1a7c4011
- SHA512
  
  7937e5737c74d4ab064a66a5848cc47ea28927ee080e8773b8e46bc8a2c689f453299b415d8d15bbf3a0d00369c81a355ecd23bea8651ca960c0f9ed75ef21cc
Score

10^/10

trickbot mon94 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotmon94bankerpackertrojan

behavioral2

trickbotmon94bankerpackertrojan