trickbot | 874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e

General

Target

874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e
Size

194KB
Sample

220625-mmpa7aaha6
MD5

668538d0b771b9d3b8f0c08b7e0cf2cb
SHA1

e026d8827b70edd50b243a8e6b84f4046c78e9e7
SHA256

874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e
SHA512

34f961ff86cd7d343064118dc9a0b997918b6e4f56f9bbc05b939564f7f630c3e4be2102e04dd68297b2fcc8a6ba2e2ed5f0b7a17abe1f7edd9064fe390e7478

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000499

Botnet

tot677

C2

5.182.210.226:443

82.146.62.52:443

193.26.217.243:443

5.2.78.77:443

107.172.165.149:443

185.14.29.84:443

178.156.202.130:443

185.62.188.10:443

5.255.96.115:443

212.80.216.209:443

195.133.145.31:443

5.34.177.97:443

85.143.216.206:443

185.99.2.193:443

5.182.210.4:443

178.156.202.120:443

146.185.253.197:443

194.99.21.139:443

185.200.241.248:443

185.183.96.43:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e
- Size
  
  194KB
- MD5
  
  668538d0b771b9d3b8f0c08b7e0cf2cb
- SHA1
  
  e026d8827b70edd50b243a8e6b84f4046c78e9e7
- SHA256
  
  874ad08ec387fe79bf61045da552ffcd93f5a8a8678f89306d5b107b13fda23e
- SHA512
  
  34f961ff86cd7d343064118dc9a0b997918b6e4f56f9bbc05b939564f7f630c3e4be2102e04dd68297b2fcc8a6ba2e2ed5f0b7a17abe1f7edd9064fe390e7478
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2