Overview

overview

10

Static

static

b1134656d4...49.exe

windows7_x64

10

b1134656d4...49.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b1134656d4ba2afdc286a0ebfa1a5ef3150dafd8927c32480f2a666119737649

  • Size

    985KB

  • Sample

    220625-f8lzmaabe8

  • MD5

    ccb8fbcc5284781176fdc7de2e919230

  • SHA1

    9bba0792dea018c9c4e81eb384fe7f65b937df54

  • SHA256

    b1134656d4ba2afdc286a0ebfa1a5ef3150dafd8927c32480f2a666119737649

  • SHA512

    e2b3dad60d52ce15562db9af845b0bcc5292c39d2af53cdabee56ec29d588df89b8d87e532c608e0b123fef5efb3c2dfc2ca75965c5da4ad941cb792aa6e35dc

Score
10/10
trickbotwecan22bankerdavetrojan

Malware Config

Extracted

Family

trickbot

Version

1000498

Botnet

wecan22

C2

5.182.210.226:443

82.146.62.52:443

164.68.120.56:443

185.11.146.86:443

5.2.78.70:443

185.65.202.240:443

193.26.217.243:443

81.177.180.254:443

5.34.177.40:443

185.186.77.222:443

188.227.84.209:443

185.45.193.76:443

46.229.213.27:443

88.99.112.87:443

51.254.164.240:443

45.148.120.13:443

5.2.78.77:443

64.44.51.125:443

107.172.165.149:443

45.148.120.14:443
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      b1134656d4ba2afdc286a0ebfa1a5ef3150dafd8927c32480f2a666119737649

    • Size

      985KB

    • MD5

      ccb8fbcc5284781176fdc7de2e919230

    • SHA1

      9bba0792dea018c9c4e81eb384fe7f65b937df54

    • SHA256

      b1134656d4ba2afdc286a0ebfa1a5ef3150dafd8927c32480f2a666119737649

    • SHA512

      e2b3dad60d52ce15562db9af845b0bcc5292c39d2af53cdabee56ec29d588df89b8d87e532c608e0b123fef5efb3c2dfc2ca75965c5da4ad941cb792aa6e35dc

    Score
    10/10
    trickbotwecan22bankerdavetrojan

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

      trojanbankertrickbot

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Dave packer

      Detects executable using a packer named 'Dave' by the community, based on a string at the end.

      dave

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks