Overview

overview

10

Static

static

0d2cda8805...68.dll

windows7_x64

10

0d2cda8805...68.dll

windows10-2004_x64

10

0ee7590362...44.exe

windows7_x64

10

0ee7590362...44.exe

windows10-2004_x64

10

1ddb782ee3...18.exe

windows7_x64

10

1ddb782ee3...18.exe

windows10-2004_x64

10

41b4e93a1d...11.dll

windows7_x64

10

41b4e93a1d...11.dll

windows10-2004_x64

10

606c060979...b5.dll

windows7_x64

10

606c060979...b5.dll

windows10-2004_x64

10

72534ec2c4...77.dll

windows7_x64

10

72534ec2c4...77.dll

windows10-2004_x64

10

9da8a5a0b5...e1.dll

windows7_x64

10

9da8a5a0b5...e1.dll

windows10-2004_x64

10

b99e41eff1...70.dll

windows7_x64

1

b99e41eff1...70.dll

windows10-2004_x64

1

b9e0e806c7...5b.exe

windows7_x64

10

b9e0e806c7...5b.exe

windows10-2004_x64

10

d215aa40c0...59.dll

windows7_x64

10

d215aa40c0...59.dll

windows10-2004_x64

10

e2f6ac2c14...dc.dll

windows7_x64

10

e2f6ac2c14...dc.dll

windows10-2004_x64

10

e45cc54b2d...9d.dll

windows7_x64

1

e45cc54b2d...9d.dll

windows10-2004_x64

1

f1b9d5520b...73.dll

windows7_x64

10

f1b9d5520b...73.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    downloads.zip

  • Size

    5.7MB

  • Sample

    220621-gygslabhfq

  • MD5

    2971fa29f53572eba03742ce54ee5f4b

  • SHA1

    c78ad7ab2b0c390158d34042cb311cc298c1f4e3

  • SHA256

    d3653992cbeaecd58a6fd47e178c6f8b7e60b54b3ec686d01841dedd4b744409

  • SHA512

    5cba7be44b03807e241da49c5c6510a8994eb98f4464cd4295d48ceda75b2529cfdea82b354c1106a6a91d7aa7689870b5017a62b63ead621ea5c11d40523d09

Score
10/10
trickbotlib108mon148mon159mon48mon92mon94rob106rob109soc1tot108bankerpackersuricatatrojan

Malware Config

Extracted

Family

trickbot

Version

100014

Botnet

mon159

C2

68.201.55.46:443

71.42.188.85:443

50.197.243.125:443

70.119.149.64:443

71.66.92.190:443

137.27.148.14:443

156.19.152.218:443

73.103.36.158:443

67.212.241.178:443

65.158.28.70:443

96.88.45.25:443

50.84.233.214:443

73.6.0.166:449

50.75.131.6:443

72.128.158.51:443

104.4.84.130:443

108.161.11.44:443

75.118.158.174:443

67.48.50.58:443

47.51.21.82:443
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Extracted

Family

trickbot

Version

2000030

Botnet

lib108

C2

196.43.106.38:443

186.97.172.178:443

37.228.70.134:443

144.48.139.206:443

190.110.179.139:443

172.105.15.152:443

177.67.137.111:443

27.72.107.215:443

186.66.15.10:443

189.206.78.155:443

202.131.227.229:443

185.9.187.10:443

196.41.57.46:443

212.200.25.118:443

197.254.14.238:443

45.229.71.211:443

181.167.217.53:443

181.129.116.58:443

185.189.55.207:443

172.104.241.29:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Extracted

Family

trickbot

Version

2000030

Botnet

tot108

C2

196.43.106.38:443

186.97.172.178:443

37.228.70.134:443

144.48.139.206:443

190.110.179.139:443

172.105.15.152:443

177.67.137.111:443

27.72.107.215:443

186.66.15.10:443

189.206.78.155:443

202.131.227.229:443

185.9.187.10:443

196.41.57.46:443

212.200.25.118:443

197.254.14.238:443

45.229.71.211:443

181.167.217.53:443

181.129.116.58:443

185.189.55.207:443

172.104.241.29:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100013

Botnet

mon94

C2

103.225.138.94:449

122.2.28.70:449

123.200.26.246:449

131.255.106.152:449

142.112.79.223:449

154.126.176.30:449

180.92.238.186:449

187.20.217.129:449

201.20.118.122:449

202.91.41.138:449

95.210.118.90:449
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100013

Botnet

mon148

C2

103.225.138.94:449

122.2.28.70:449

123.200.26.246:449

131.255.106.152:449

142.112.79.223:449

154.126.176.30:449

180.92.238.186:449

187.20.217.129:449

201.20.118.122:449

202.91.41.138:449

95.210.118.90:449
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100019

Botnet

soc1

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100018

Botnet

rob109

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100018

Botnet

rob106

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443
Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100013

Botnet

mon92

C2

103.225.138.94:449

122.2.28.70:449

123.200.26.246:449

131.255.106.152:449

142.112.79.223:449

154.126.176.30:449

180.92.238.186:449

187.20.217.129:449

201.20.118.122:449

202.91.41.138:449

95.210.118.90:449
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Extracted

Family

trickbot

Version

100011

Botnet

mon48

C2

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      0d2cda88052d6a9feb73fd7383fb412f15a854f2af1d997dc1048a48edeeca68

    • Size

      680KB

    • MD5

      9a56fc82eecf183305cd5149c8888765

    • SHA1

      d85a5a7c54bab52186ca9a5017df504fbf49319d

    • SHA256

      0d2cda88052d6a9feb73fd7383fb412f15a854f2af1d997dc1048a48edeeca68

    • SHA512

      ce8268897e37560d023be13f28c4c71e375f0edec5db91521dba759b840b095cf106cc983ac2e3295a02784dd230eae503a9aa7637d0eb36d88a4737961758de

    Score
    10/10
    trickbotbankerpackertrojanmon159

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

      packer
    behavioral1behavioral2

    • Target

      0ee7590362df39d54f390e2f5ae309d36f75961c992667ec34b1113fe405f344

    • Size

      1.3MB

    • MD5

      ad2d8367ebad467d07fc7ac3834db801

    • SHA1

      16f9f4831eee1faa40ab4bd027f3303c606c4de4

    • SHA256

      0ee7590362df39d54f390e2f5ae309d36f75961c992667ec34b1113fe405f344

    • SHA512

      86de35b8f5016f377b9bd641586970f9257b541f41e346a066f31fbe392c20322ffe5a80e9d996dc4fcfac2ce50be434620e8ad1ab4f24d4b8ce273b2ea2b06b

    Score
    10/10
    trickbotlib108bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot
    behavioral3behavioral4

    • Target

      1ddb782ee3b9f61cbdb87a1eb04f020de9e8febcea4d823b105c38d072f58818

    • Size

      1.3MB

    • MD5

      ff9ac7d5a13dd5ba7ad43eb14b7fdf22

    • SHA1

      9b4025714911d509a67423ed8beffbc49e54845d

    • SHA256

      1ddb782ee3b9f61cbdb87a1eb04f020de9e8febcea4d823b105c38d072f58818

    • SHA512

      ef9e4eaea126f58e12ecf27b7a61b03673974f5ef48dd1f6abf43b94f8b75fb2361f7132b0e7f955fe399717d1a3e45edf34d332995609a6c6dd91b088838924

    Score
    10/10
    trickbottot108bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot
    behavioral5behavioral6

    • Target

      41b4e93a1dd1b49e123b1c4a81dc6be266c5fee5f33263bdb7e3ca9e1a7c4011

    • Size

      548KB

    • MD5

      e2936c63d59cee0853f9d50fc857813c

    • SHA1

      a2bfa5bcf49ad7ac0cce9cfad21cfa320f7063e7

    • SHA256

      41b4e93a1dd1b49e123b1c4a81dc6be266c5fee5f33263bdb7e3ca9e1a7c4011

    • SHA512

      7937e5737c74d4ab064a66a5848cc47ea28927ee080e8773b8e46bc8a2c689f453299b415d8d15bbf3a0d00369c81a355ecd23bea8651ca960c0f9ed75ef21cc

    Score
    10/10
    trickbotmon94bankerpackertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

      packer
    behavioral7behavioral8

    • Target

      606c0609795d39cb100592a57b8f0ccbb23809f6f77c5abc0baeb43cf177adb5

    • Size

      740KB

    • MD5

      7cc91fb0c73b92f4dcb529b5c2489489

    • SHA1

      84ce61490587d848295aa5eebfdd502c50e200bc

    • SHA256

      606c0609795d39cb100592a57b8f0ccbb23809f6f77c5abc0baeb43cf177adb5

    • SHA512

      c7127491c0cf1878b38c2417a072ffe8b123022b2b4d1d14706d783b7a23bc24df7185438c7c04a726dc01dd9d651574828e54dceb51b1094fc9c7abfca81d26

    Score
    10/10
    trickbotbankerpackertrojanmon148

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

      packer
    behavioral9behavioral10

    • Target

      72534ec2c4fc2499e1f85e9149598d240177afc8b9e7b04e1df2abcf92a7b677

    • Size

      738KB

    • MD5

      55ee6dca51e918bd51a000b0899e275a

    • SHA1

      fea67687d4fd185246267305a76b53060407c7e9

    • SHA256

      72534ec2c4fc2499e1f85e9149598d240177afc8b9e7b04e1df2abcf92a7b677

    • SHA512

      21cfbd951732096c86e19c19fd5cf916473279e3f452775d425689e148675a525a3c4ccda95e5ea298607c6325102bdc790b0465b55740adac5313dea57f9a13

    Score
    10/10
    trickbotsoc1bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot
    behavioral11behavioral12

    • Target

      9da8a5a0b5957db6112e927b607a8fd062b870f2132c4ae3442eb63235f789e1

    • Size

      544KB

    • MD5

      47ba62ce119f28a55f90243a4dd8d324

    • SHA1

      e12851dd2353651d4249a13b0cbc4ca1cc06e753

    • SHA256

      9da8a5a0b5957db6112e927b607a8fd062b870f2132c4ae3442eb63235f789e1

    • SHA512

      45fd10c913b02416d4b8dd10249c13e87de30c3fd99a52f27ecbc9634d10493d1c4da797f14c08fded3b3f98e0fea3ddf57164c8a9ceb562498d463d65f6c652

    Score
    10/10
    trickbotrob109bankertrojansuricata

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata
    behavioral13behavioral14

    • Target

      b99e41eff12466eec7d69ed94156b9a29fdfadb108ee01019c258a631fadac70

    • Size

      1.0MB

    • MD5

      7e09c3d9ee6e83e7b6de694c4f72e129

    • SHA1

      13019bf341f28165f6e4729a7d76ec4f3eab1ad6

    • SHA256

      b99e41eff12466eec7d69ed94156b9a29fdfadb108ee01019c258a631fadac70

    • SHA512

      6b40cc14805eeefb1a68afff2d72e78cc9924fe8a3dd212459b846ad2bd184fb4854f5d95efb7c9267205c485e189f0d1651e1930f4c62b3b875e904a7ae59a2

    Score
    1/10
    behavioral15behavioral16

    • Target

      b9e0e806c71d915e3cc2401d4a0d0d1f5d4cf1f3eb15c93f862b07c416b1195b

    • Size

      1.3MB

    • MD5

      e8983edc448fcab51c510655384b3251

    • SHA1

      bdfb8b29614001dfe9922524c910ee4badb0e6fc

    • SHA256

      b9e0e806c71d915e3cc2401d4a0d0d1f5d4cf1f3eb15c93f862b07c416b1195b

    • SHA512

      3063019239d15ce9857590b221d7bffe30bac15636a8beeea57b5364f33708c5158514ea8dbf42fc73d5c8be6efdb2a0c0fba233de2d4defe195b2b0daffc245

    Score
    10/10
    trickbottot108bankertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot
    behavioral17behavioral18

    • Target

      d215aa40c0e512b7562cad4de5b0790d88facafcdef3f80484b08a50d0c47859

    • Size

      789KB

    • MD5

      05109b470054300ba8d5d60a5d4fe532

    • SHA1

      98aca1c1d6442a8b5b6c3200e429a5aead16f03a

    • SHA256

      d215aa40c0e512b7562cad4de5b0790d88facafcdef3f80484b08a50d0c47859

    • SHA512

      3bc9919bd7ae4e40e30d302fbd9a09024df4dc72e8ee5d17b5036e388c596ba2fad9a528d8a9be7f69f8ccbaab94ddaa4fb97628281e1dc0b90f9ed224c43a91

    Score
    10/10
    trickbotrob106bankersuricatatrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata
    behavioral19behavioral20

    • Target

      e2f6ac2c144bf28ac853c5dc3f3c4ce5ff08f42076c1d996c1ebb6362f9e66dc

    • Size

      547KB

    • MD5

      35ee773079b553e228c8cc8ddad09e80

    • SHA1

      f485418aaaf6f19e3667aab47d6c2fcb4cb3d545

    • SHA256

      e2f6ac2c144bf28ac853c5dc3f3c4ce5ff08f42076c1d996c1ebb6362f9e66dc

    • SHA512

      c7e0127018de1b8e51c98f222591bf7b2f185f4c2292797cb1261958419f012396c8f5d8be94e03dbd60cd00202b7bb858c114dfaefdcbdfaca1a57a8406c85c

    Score
    10/10
    trickbotmon92bankerpackertrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

      packer
    behavioral21behavioral22

    • Target

      e45cc54b2d0faaf9870ed2d7b4f7febd2cb4bc119e6989c23f29411085bd889d

    • Size

      1.0MB

    • MD5

      2c9eb27739df36e159da9d34e438baf3

    • SHA1

      18d3fdd405989e288fb827a85cd72173bd40c858

    • SHA256

      e45cc54b2d0faaf9870ed2d7b4f7febd2cb4bc119e6989c23f29411085bd889d

    • SHA512

      834be65dbe524d64d4ae2639f913b45a21b7fac2dc3995e60443707f883163f4fb0c66e7ff51f7974915eb7e4231039851f517010756152ac491757b15a04f9f

    Score
    1/10
    behavioral23behavioral24

    • Target

      f1b9d5520ba13179e19b336e542d18b0bd9f39a2b41d88a739625c8480422b73

    • Size

      329KB

    • MD5

      48cab21fcbe254e7c83f4c1d455a39dc

    • SHA1

      b96c1f765abb14eb401cacab6f6e203c3a255df9

    • SHA256

      f1b9d5520ba13179e19b336e542d18b0bd9f39a2b41d88a739625c8480422b73

    • SHA512

      0375a26a2d6d8990d202b75b4cb6797d03300ddc077c4dcb05778365212644ee49ce6e437fde0b77e1b8179d01ffad028635869d2f3897333b85471724d15ebc

    Score
    10/10
    trickbotmon48bankerpackertrojansuricata

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

      suricata

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

      packer
    behavioral25behavioral26

MITRE ATT&CK Matrix

Tasks

static1

Score
N/A

behavioral1

trickbotbankerpackertrojan
Score
10/10

behavioral2

trickbotmon159bankerpackertrojan
Score
10/10

behavioral3

trickbotlib108bankertrojan
Score
10/10

behavioral4

trickbotlib108bankertrojan
Score
10/10

behavioral5

trickbottot108bankertrojan
Score
10/10

behavioral6

trickbottot108bankertrojan
Score
10/10

behavioral7

trickbotmon94bankerpackertrojan
Score
10/10

behavioral8

trickbotmon94bankerpackertrojan
Score
10/10

behavioral9

trickbotbankerpackertrojan
Score
10/10

behavioral10

trickbotmon148bankerpackertrojan
Score
10/10

behavioral11

trickbotsoc1bankertrojan
Score
10/10

behavioral12

trickbotsoc1bankertrojan
Score
10/10

behavioral13

trickbotrob109bankertrojan
Score
10/10

behavioral14

trickbotrob109bankersuricatatrojan
Score
10/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

trickbottot108bankertrojan
Score
10/10

behavioral18

trickbottot108bankertrojan
Score
10/10

behavioral19

trickbotrob106bankersuricatatrojan
Score
10/10

behavioral20

trickbotrob106bankersuricatatrojan
Score
10/10

behavioral21

trickbotmon92bankerpackertrojan
Score
10/10

behavioral22

trickbotmon92bankerpackertrojan
Score
10/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

trickbotmon48bankerpackertrojan
Score
10/10

behavioral26

trickbotmon48bankerpackersuricatatrojan
Score
10/10