trickbot | 38bda9baac921f012075d800e5a38f1f387c6c7b4956d1ce48296e759a73d09f | Triage

Sharing

General

Target

trickbot
Size

2.7MB
Sample

220704-ax8rcsdfhq
MD5

878c538a3acc666f96b74e987a3e579f
SHA1

abffed857f15d8a80e64aaf13667add9033c2aae
SHA256

38bda9baac921f012075d800e5a38f1f387c6c7b4956d1ce48296e759a73d09f
SHA512

3019872ba67859b3cd6df26367532df0ebfb40e502e33475794fe9624712b899c8ad292e3b2a3a2fa5823a3291756770c1334d3d1089f2b3e6acfc623d8bd5c7

Score

10^/10

trickbot rob109 banker suricata trojan

Malware Config

Extracted

Family

trickbot

Version

100018

Botnet

rob109

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  trickbot
- Size
  
  2.7MB
- MD5
  
  878c538a3acc666f96b74e987a3e579f
- SHA1
  
  abffed857f15d8a80e64aaf13667add9033c2aae
- SHA256
  
  38bda9baac921f012075d800e5a38f1f387c6c7b4956d1ce48296e759a73d09f
- SHA512
  
  3019872ba67859b3cd6df26367532df0ebfb40e502e33475794fe9624712b899c8ad292e3b2a3a2fa5823a3291756770c1334d3d1089f2b3e6acfc623d8bd5c7
Score

10^/10

trickbot rob109 banker suricata trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
  suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
  suricata
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotrob109bankersuricatatrojan