Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

ef4528f39c6005d6b7f43fbd3d01b40e03940da8640bcf1622e8d3227b8bdc7c
Size

448KB
Sample

220630-3cz8pscaek
MD5

8b75355e205e6789778fd5146df70677
SHA1

4360948fcc779f11cf5221c6b60b0f0208ee7e36
SHA256

ef4528f39c6005d6b7f43fbd3d01b40e03940da8640bcf1622e8d3227b8bdc7c
SHA512

279411907be2d86e7cb8dd577ccee2e6b8197045bc4ae388729b882f9f7d83941c105d098efcbe5aeea366d66f6ab3082b66a6b5b5deee26f3a4557f1a9f7b10

Score

10^/10

Malware Config

Extracted

Family	trickbot
Version	1000507
Botnet	ono38
C2	51.89.115.112:443 185.141.27.225:443 151.80.212.114:443 5.182.210.178:443 188.119.113.60:443 91.235.129.199:443 185.234.72.193:443 194.5.250.200:443 185.14.29.141:443 185.99.2.197:443 185.234.72.50:443 194.5.250.201:443 108.170.61.186:443 217.12.209.159:443 185.99.2.44:443 51.89.115.108:443 164.68.120.58:443 164.132.255.19:443 148.251.185.164:443 94.250.250.69:443 94.250.249.170:443 195.123.237.105:443 190.214.13.2:449 181.129.104.139:449 181.112.157.42:449 181.129.134.18:449 131.161.253.190:449 121.100.19.18:449 202.29.215.114:449 171.100.142.238:449 190.136.178.52:449 45.6.16.68:449 110.232.76.39:449 122.50.6.122:449 103.12.161.194:449 36.91.45.10:449 103.227.147.82:449 96.9.77.56:449 103.5.231.188:449 110.93.15.98:449 200.171.101.169:449 51.89.115.112:443 185.141.27.225:443 151.80.212.114:443 5.182.210.178:443 188.119.113.60:443 91.235.129.199:443 185.234.72.193:443 194.5.250.200:443 185.14.29.141:443 185.99.2.197:443 185.234.72.50:443 194.5.250.201:443 108.170.61.186:443 217.12.209.159:443 185.99.2.44:443 51.89.115.108:443 164.68.120.58:443 164.132.255.19:443 148.251.185.164:443 94.250.250.69:443 94.250.249.170:443 195.123.237.105:443 190.214.13.2:449 181.129.104.139:449 181.112.157.42:449 181.129.134.18:449 131.161.253.190:449 121.100.19.18:449 202.29.215.114:449 171.100.142.238:449 190.136.178.52:449 45.6.16.68:449 110.232.76.39:449 122.50.6.122:449 103.12.161.194:449 36.91.45.10:449 103.227.147.82:449 96.9.77.56:449 103.5.231.188:449 110.93.15.98:449 200.171.101.169:449
Attributes	autorun Name:pwgrab
ecc_pubkey.base64

Targets

- Target
  
  ef4528f39c6005d6b7f43fbd3d01b40e03940da8640bcf1622e8d3227b8bdc7c
- Size
  
  448KB
- MD5
  
  8b75355e205e6789778fd5146df70677
- SHA1
  
  4360948fcc779f11cf5221c6b60b0f0208ee7e36
- SHA256
  
  ef4528f39c6005d6b7f43fbd3d01b40e03940da8640bcf1622e8d3227b8bdc7c
- SHA512
  
  279411907be2d86e7cb8dd577ccee2e6b8197045bc4ae388729b882f9f7d83941c105d098efcbe5aeea366d66f6ab3082b66a6b5b5deee26f3a4557f1a9f7b10
Score

10^/10

trickbot ono38 banker dave trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot

Dave packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2