trickbot | 94ffc5fde8cddb3e28ea1a17914b9120b5158f058eecc993d9b8e5a378d98a3c

Analysis

max time kernel
44s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-07-2022 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94ffc5fde8cddb3e28ea1a17914b9120b5158f058eecc993d9b8e5a378d98a3c.exe
Size

193KB
MD5

03e207d529998465a72ee7376bc5b180
SHA1

47a3edb81733b70e9c656ee1ba5d4c1944e8a111
SHA256

94ffc5fde8cddb3e28ea1a17914b9120b5158f058eecc993d9b8e5a378d98a3c
SHA512

6c0c01cc8bd312f207c8158c375b8cbb96fa1da9317d11c6a39cafdb329bb02f15b6ebc2606d17af108b46b753e2ee8e0d0ff59fc0ff0463efafeda81b5ec913

Score

10^/10

trickbot chil6 banker trojan

Malware Config

Extracted

Family

trickbot

Version

1000501

Botnet

chil6

5.182.210.226:443

5.182.210.120:443

185.65.202.183:443

212.80.217.243:443

85.143.218.249:443

194.5.250.178:443

198.15.119.121:443

107.175.87.142:443

185.14.31.72:443

188.165.62.2:443

194.5.250.179:443

198.15.119.71:443

185.14.29.4:443

185.99.2.202:443

192.3.193.162:443

89.191.234.89:443

195.54.32.12:443

31.131.21.30:443

5.34.177.194:443

190.214.13.2:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Signatures

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

C:\Users\Admin\AppData\Local\Temp\94ffc5fde8cddb3e28ea1a17914b9120b5158f058eecc993d9b8e5a378d98a3c.exe
"C:\Users\Admin\AppData\Local\Temp\94ffc5fde8cddb3e28ea1a17914b9120b5158f058eecc993d9b8e5a378d98a3c.exe"
1⤵
PID:1788

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1788-54-0x0000000075701000-0x0000000075703000-memory.dmp

Filesize
8KB

Download
memory/1788-55-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download