General

  • Target

    3ebcab7c38a4abe88cf02e43c6e1a18fa3e38cc9a1b95869c0a6d6b78430bc32

  • Size

    440KB

  • Sample

    220701-f8tdpseagp

  • MD5

    bcc88c48e2b3f1c09366e4412155ad7b

  • SHA1

    6c86cc8c856e89edfa1990cb03b3b93853a0bac2

  • SHA256

    3ebcab7c38a4abe88cf02e43c6e1a18fa3e38cc9a1b95869c0a6d6b78430bc32

  • SHA512

    b3bce9ec94eeb0a5d6fb8f0efc8160e8da5526358bfbca082db5e4349cc027d8eed5f09cfe71fec737b78989af3f9943bc983c6ba00071491cde4022011e75d9

Malware Config

Extracted

Family

trickbot

Version

1000074

Botnet

kas55

C2


Attributes

  • autorun

    Control:GetSystemInfo
    Name:systeminfo
    Name:injectDll

  • ecc_pubkey.base64

Targets

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks