Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

7f62815f2d8325584e3fe2b28a3705e53ca75abfa13a6b6eae68fc5440c46fac
Size

448KB
Sample

220625-fcdndaefan
MD5

d225d4aab52217753e4ab2d304a6bdd3
SHA1

9b2ec23a722ba5ce3bb5baf4c5be09a514816cb5
SHA256

7f62815f2d8325584e3fe2b28a3705e53ca75abfa13a6b6eae68fc5440c46fac
SHA512

2a69c0a986c441de386f01c195e459c512fe61d3e8de87faa223f3f8c653988930c31b8c127d887fdbeb591ac03b92929f11e50e8719ba8fcaf2a6784eebf2e8

Score

10^/10

Malware Config

Extracted

Family	trickbot
Version	1000507
Botnet	ono38
C2	51.89.115.112:443 185.141.27.225:443 151.80.212.114:443 5.182.210.178:443 188.119.113.60:443 91.235.129.199:443 185.234.72.193:443 194.5.250.200:443 185.14.29.141:443 185.99.2.197:443 185.234.72.50:443 194.5.250.201:443 108.170.61.186:443 217.12.209.159:443 185.99.2.44:443 51.89.115.108:443 164.68.120.58:443 164.132.255.19:443 148.251.185.164:443 94.250.250.69:443 94.250.249.170:443 195.123.237.105:443 190.214.13.2:449 181.129.104.139:449 181.112.157.42:449 181.129.134.18:449 131.161.253.190:449 121.100.19.18:449 202.29.215.114:449 171.100.142.238:449 190.136.178.52:449 45.6.16.68:449 110.232.76.39:449 122.50.6.122:449 103.12.161.194:449 36.91.45.10:449 103.227.147.82:449 96.9.77.56:449 103.5.231.188:449 110.93.15.98:449 200.171.101.169:449 51.89.115.112:443 185.141.27.225:443 151.80.212.114:443 5.182.210.178:443 188.119.113.60:443 91.235.129.199:443 185.234.72.193:443 194.5.250.200:443 185.14.29.141:443 185.99.2.197:443 185.234.72.50:443 194.5.250.201:443 108.170.61.186:443 217.12.209.159:443 185.99.2.44:443 51.89.115.108:443 164.68.120.58:443 164.132.255.19:443 148.251.185.164:443 94.250.250.69:443 94.250.249.170:443 195.123.237.105:443 190.214.13.2:449 181.129.104.139:449 181.112.157.42:449 181.129.134.18:449 131.161.253.190:449 121.100.19.18:449 202.29.215.114:449 171.100.142.238:449 190.136.178.52:449 45.6.16.68:449 110.232.76.39:449 122.50.6.122:449 103.12.161.194:449 36.91.45.10:449 103.227.147.82:449 96.9.77.56:449 103.5.231.188:449 110.93.15.98:449 200.171.101.169:449
Attributes	autorun Name:pwgrab
ecc_pubkey.base64

Targets

- Target
  
  7f62815f2d8325584e3fe2b28a3705e53ca75abfa13a6b6eae68fc5440c46fac
- Size
  
  448KB
- MD5
  
  d225d4aab52217753e4ab2d304a6bdd3
- SHA1
  
  9b2ec23a722ba5ce3bb5baf4c5be09a514816cb5
- SHA256
  
  7f62815f2d8325584e3fe2b28a3705e53ca75abfa13a6b6eae68fc5440c46fac
- SHA512
  
  2a69c0a986c441de386f01c195e459c512fe61d3e8de87faa223f3f8c653988930c31b8c127d887fdbeb591ac03b92929f11e50e8719ba8fcaf2a6784eebf2e8
Score

10^/10

trickbot ono38 banker dave trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot

Dave packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2