trickbot

General

Target

8ab13031395b6bd2857181daa7d9afe3fd1347e87495d37014d50009deb916f0
Size

484KB
Sample

220625-je84vadfb5
MD5

4ae1e944e71185d7138cc25a86a49ef0
SHA1

de647ea7fc6b8cc770b0d755e3c0414eec29c71d
SHA256

8ab13031395b6bd2857181daa7d9afe3fd1347e87495d37014d50009deb916f0
SHA512

df7e58f46c2662c75793bb317ec7bb1730c6bbd81280c94650b2afadb50645b7f165497ebccb3d4ea9b80cdfcf67bb7f3ad6512e45d0c606aac00e456ea84177

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000484

Botnet

jim612

C2

185.117.119.179:443

93.189.42.182:443

5.34.176.43:443

45.141.100.6:443

91.235.129.223:443

146.185.219.131:443

94.156.35.235:443

188.165.62.17:443

198.46.163.40:443

192.3.247.106:443

194.5.250.169:443

37.230.114.53:443

194.5.250.109:443

66.85.173.57:443

103.219.213.102:449

117.255.221.135:449

45.224.214.34:449

170.84.78.224:449

189.28.185.50:449

177.154.86.145:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  8ab13031395b6bd2857181daa7d9afe3fd1347e87495d37014d50009deb916f0
- Size
  
  484KB
- MD5
  
  4ae1e944e71185d7138cc25a86a49ef0
- SHA1
  
  de647ea7fc6b8cc770b0d755e3c0414eec29c71d
- SHA256
  
  8ab13031395b6bd2857181daa7d9afe3fd1347e87495d37014d50009deb916f0
- SHA512
  
  df7e58f46c2662c75793bb317ec7bb1730c6bbd81280c94650b2afadb50645b7f165497ebccb3d4ea9b80cdfcf67bb7f3ad6512e45d0c606aac00e456ea84177
Score

10^/10

trickbot jim612 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2