Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ee07e8c21a1cca68eb6cb14ce2b8f768e3f6e11f492e1c8ecca963b8c9685e7a
Size

364KB
Sample

220625-jcm4ladeb7
MD5

cec86610ef0e41f843f408bfb2d53486
SHA1

480cf2003f147392f6e4443631350e2e1f364d9f
SHA256

ee07e8c21a1cca68eb6cb14ce2b8f768e3f6e11f492e1c8ecca963b8c9685e7a
SHA512

b32e9e6c6f4945d759be10506c53f16052efd27da9c994af1c8782764444ec25a9217b8d110c9e0929843c44a1dcc261632f8ad0956f908734a0d29de461bdca

Score

10^/10

Malware Config

Extracted

Family	trickbot
Version	1000507
Botnet	ono38
C2	51.89.115.112:443 185.141.27.225:443 151.80.212.114:443 5.182.210.178:443 188.119.113.60:443 91.235.129.199:443 185.234.72.193:443 194.5.250.200:443 185.14.29.141:443 185.99.2.197:443 185.234.72.50:443 194.5.250.201:443 108.170.61.186:443 217.12.209.159:443 185.99.2.44:443 51.89.115.108:443 164.68.120.58:443 164.132.255.19:443 148.251.185.164:443 94.250.250.69:443 94.250.249.170:443 195.123.237.105:443 190.214.13.2:449 181.129.104.139:449 181.112.157.42:449 181.129.134.18:449 131.161.253.190:449 121.100.19.18:449 202.29.215.114:449 171.100.142.238:449 190.136.178.52:449 45.6.16.68:449 110.232.76.39:449 122.50.6.122:449 103.12.161.194:449 36.91.45.10:449 103.227.147.82:449 96.9.77.56:449 103.5.231.188:449 110.93.15.98:449 200.171.101.169:449 51.89.115.112:443 185.141.27.225:443 151.80.212.114:443 5.182.210.178:443 188.119.113.60:443 91.235.129.199:443 185.234.72.193:443 194.5.250.200:443 185.14.29.141:443 185.99.2.197:443 185.234.72.50:443 194.5.250.201:443 108.170.61.186:443 217.12.209.159:443 185.99.2.44:443 51.89.115.108:443 164.68.120.58:443 164.132.255.19:443 148.251.185.164:443 94.250.250.69:443 94.250.249.170:443 195.123.237.105:443 190.214.13.2:449 181.129.104.139:449 181.112.157.42:449 181.129.134.18:449 131.161.253.190:449 121.100.19.18:449 202.29.215.114:449 171.100.142.238:449 190.136.178.52:449 45.6.16.68:449 110.232.76.39:449 122.50.6.122:449 103.12.161.194:449 36.91.45.10:449 103.227.147.82:449 96.9.77.56:449 103.5.231.188:449 110.93.15.98:449 200.171.101.169:449
Attributes	autorun Name:pwgrab
ecc_pubkey.base64

Targets

- Target
  
  ee07e8c21a1cca68eb6cb14ce2b8f768e3f6e11f492e1c8ecca963b8c9685e7a
- Size
  
  364KB
- MD5
  
  cec86610ef0e41f843f408bfb2d53486
- SHA1
  
  480cf2003f147392f6e4443631350e2e1f364d9f
- SHA256
  
  ee07e8c21a1cca68eb6cb14ce2b8f768e3f6e11f492e1c8ecca963b8c9685e7a
- SHA512
  
  b32e9e6c6f4945d759be10506c53f16052efd27da9c994af1c8782764444ec25a9217b8d110c9e0929843c44a1dcc261632f8ad0956f908734a0d29de461bdca
Score

10^/10

trickbot ono38 banker dave trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot

Dave packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2