General

  • Target

    7f6950ade2e54fec60c62d9443ee5527cdadf2b1aca3d86acadee2773dad97c8

  • Size

    324KB

  • Sample

    220701-dt1hcshhar

  • MD5

    b2dc507828839a7be9480788f3070f22

  • SHA1

    006e3c0e7edb3e46706c84bef04e5bc3dbe63c85

  • SHA256

    7f6950ade2e54fec60c62d9443ee5527cdadf2b1aca3d86acadee2773dad97c8

  • SHA512

    b14a9ce30bbad42e9ba048cba2e290cc6d50356694b9c1a92bb245469652a43b6e29ece76cfe403dd34b28bf1fe0548722c2df765842d11bd656a220407650fb

Malware Config

Extracted

Family

trickbot

Version

1000491

Botnet

red2

C2

23.94.70.12:443

5.182.210.132:443

5.2.75.137:443

172.82.152.136:443

198.23.252.117:443

194.5.250.62:443

185.14.30.176:443

195.123.245.127:443

195.54.162.179:443

184.164.137.190:443

198.46.161.213:443

64.44.51.106:443

107.172.251.159:443

85.143.220.41:443

107.172.29.108:443

107.172.208.51:443

107.181.187.221:443

190.214.13.2:449

181.140.173.186:449

181.129.104.139:449

Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64

Targets

    • Target

      7f6950ade2e54fec60c62d9443ee5527cdadf2b1aca3d86acadee2773dad97c8

    • Size

      324KB

    • MD5

      b2dc507828839a7be9480788f3070f22

    • SHA1

      006e3c0e7edb3e46706c84bef04e5bc3dbe63c85

    • SHA256

      7f6950ade2e54fec60c62d9443ee5527cdadf2b1aca3d86acadee2773dad97c8

    • SHA512

      b14a9ce30bbad42e9ba048cba2e290cc6d50356694b9c1a92bb245469652a43b6e29ece76cfe403dd34b28bf1fe0548722c2df765842d11bd656a220407650fb

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot x86 loader

      Detected Trickbot's x86 loader that unpacks the x86 payload.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry: T1012 (1)

  • System Information Discovery: T1082 (2)

Tasks