Overview

overview

10

Static

static

5534b7acb4...5d.exe

windows7_x64

10

5534b7acb4...5d.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    132s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    01-07-2022 04:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5534b7acb497f398230d38287a4216c8512a3fe2f643b0c5fd04d64c05d57f5d.exe

  • Size

    432KB

  • MD5

    77a940af07da194ff27c1d33fd7dce73

  • SHA1

    af15833d70ab5dccb3014616b3e24259b802f2c4

  • SHA256

    5534b7acb497f398230d38287a4216c8512a3fe2f643b0c5fd04d64c05d57f5d

  • SHA512

    f5d92f1c8d23f4bfc32004e8dbd7d88f732a455bdf94e10e6a5a456e7e4762006d3b17550822496b8a3f6f06c4de68152b4f650c1546159b55a90a59649f8dd0

Score
10/10
trickbottot632bankertrojan

Malware Config

Extracted

Family

trickbot

Version

1000491

Botnet

tot632

C2

23.94.70.12:443

5.182.210.132:443

5.2.75.137:443

172.82.152.136:443

198.23.252.117:443

194.5.250.62:443

185.14.30.176:443

195.123.245.127:443

195.54.162.179:443

184.164.137.190:443

198.46.161.213:443

64.44.51.106:443

107.172.251.159:443

85.143.220.41:443

107.172.29.108:443

107.172.208.51:443

107.181.187.221:443

190.214.13.2:449

181.140.173.186:449

181.129.104.139:449
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Trickbot x86 loader 5 IoCs

    Detected Trickbot's x86 loader that unpacks the x86 payload.

  • Executes dropped EXE 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5534b7acb497f398230d38287a4216c8512a3fe2f643b0c5fd04d64c05d57f5d.exe
    "C:\Users\Admin\AppData\Local\Temp\5534b7acb497f398230d38287a4216c8512a3fe2f643b0c5fd04d64c05d57f5d.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Users\Admin\AppData\Roaming\sysdefragler\7734b9acb499f398230d38289a4218c8712a3fe2f843b0c7fd04d84c07d79f7d.exe
      C:\Users\Admin\AppData\Roaming\sysdefragler\7734b9acb499f398230d38289a4218c8712a3fe2f843b0c7fd04d84c07d79f7d.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2392
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        3⤵
          PID:1380
    • C:\Users\Admin\AppData\Roaming\sysdefragler\7734b9acb499f398230d38289a4218c8712a3fe2f843b0c7fd04d84c07d79f7d.exe
      C:\Users\Admin\AppData\Roaming\sysdefragler\7734b9acb499f398230d38289a4218c8712a3fe2f843b0c7fd04d84c07d79f7d.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4600
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe
        2⤵
          PID:4216

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\sysdefragler\7734b9acb499f398230d38289a4218c8712a3fe2f843b0c7fd04d84c07d79f7d.exe
        Filesize

        432KB

        MD5

        77a940af07da194ff27c1d33fd7dce73

        SHA1

        af15833d70ab5dccb3014616b3e24259b802f2c4

        SHA256

        5534b7acb497f398230d38287a4216c8512a3fe2f643b0c5fd04d64c05d57f5d

        SHA512

        f5d92f1c8d23f4bfc32004e8dbd7d88f732a455bdf94e10e6a5a456e7e4762006d3b17550822496b8a3f6f06c4de68152b4f650c1546159b55a90a59649f8dd0

        Download Submit
      • C:\Users\Admin\AppData\Roaming\sysdefragler\7734b9acb499f398230d38289a4218c8712a3fe2f843b0c7fd04d84c07d79f7d.exe
        Filesize

        432KB

        MD5

        77a940af07da194ff27c1d33fd7dce73

        SHA1

        af15833d70ab5dccb3014616b3e24259b802f2c4

        SHA256

        5534b7acb497f398230d38287a4216c8512a3fe2f643b0c5fd04d64c05d57f5d

        SHA512

        f5d92f1c8d23f4bfc32004e8dbd7d88f732a455bdf94e10e6a5a456e7e4762006d3b17550822496b8a3f6f06c4de68152b4f650c1546159b55a90a59649f8dd0

        Download Submit
      • C:\Users\Admin\AppData\Roaming\sysdefragler\7734b9acb499f398230d38289a4218c8712a3fe2f843b0c7fd04d84c07d79f7d.exe
        Filesize

        432KB

        MD5

        77a940af07da194ff27c1d33fd7dce73

        SHA1

        af15833d70ab5dccb3014616b3e24259b802f2c4

        SHA256

        5534b7acb497f398230d38287a4216c8512a3fe2f643b0c5fd04d64c05d57f5d

        SHA512

        f5d92f1c8d23f4bfc32004e8dbd7d88f732a455bdf94e10e6a5a456e7e4762006d3b17550822496b8a3f6f06c4de68152b4f650c1546159b55a90a59649f8dd0

        Download Submit
      • memory/1380-143-0x00000261DECB0000-0x00000261DECD0000-memory.dmp
        Filesize

        128KB

        Download
      • memory/1380-142-0x0000000000000000-mapping.dmp
        Download
      • memory/2392-135-0x0000000000000000-mapping.dmp
        Download
      • memory/2392-144-0x0000000002750000-0x000000000277E000-memory.dmp
        Filesize

        184KB

        Download
      • memory/2392-146-0x0000000010000000-0x0000000010005000-memory.dmp
        Filesize

        20KB

        Download
      • memory/4216-152-0x0000000000000000-mapping.dmp
        Download
      • memory/4216-155-0x00000273F0B00000-0x00000273F0B20000-memory.dmp
        Filesize

        128KB

        Download
      • memory/4532-132-0x0000000002120000-0x000000000214E000-memory.dmp
        Filesize

        184KB

        Download
      • memory/4532-145-0x0000000002120000-0x000000000214E000-memory.dmp
        Filesize

        184KB

        Download
      • memory/4532-134-0x0000000002120000-0x000000000214E000-memory.dmp
        Filesize

        184KB

        Download
      • memory/4600-153-0x0000000000D80000-0x0000000000DAE000-memory.dmp
        Filesize

        184KB

        Download
      • memory/4600-154-0x0000000010000000-0x0000000010005000-memory.dmp
        Filesize

        20KB

        Download