trickbot

General

Target

4258847107f34b9621a5d8f843da1e06350870c784dbbaecd675bae7fadec32a
Size

432KB
Sample

220708-dbllgsgdf2
MD5

cc81fe7fb6e003030f177cd05cf9e60c
SHA1

da90ab593c8906513c90143767ab6676889c898e
SHA256

4258847107f34b9621a5d8f843da1e06350870c784dbbaecd675bae7fadec32a
SHA512

e44cf55774bbce4ed20bc1fbe21971fbbc3fcdb2af7555bf2f022266a5b1320f4c83514e1826149dce6206427cb51db05c4086996b2c7f3ab019e7bae75dada8

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000491

Botnet

tot632

C2

23.94.70.12:443

5.182.210.132:443

5.2.75.137:443

172.82.152.136:443

198.23.252.117:443

194.5.250.62:443

185.14.30.176:443

195.123.245.127:443

195.54.162.179:443

184.164.137.190:443

198.46.161.213:443

64.44.51.106:443

107.172.251.159:443

85.143.220.41:443

107.172.29.108:443

107.172.208.51:443

107.181.187.221:443

190.214.13.2:449

181.140.173.186:449

181.129.104.139:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  4258847107f34b9621a5d8f843da1e06350870c784dbbaecd675bae7fadec32a
- Size
  
  432KB
- MD5
  
  cc81fe7fb6e003030f177cd05cf9e60c
- SHA1
  
  da90ab593c8906513c90143767ab6676889c898e
- SHA256
  
  4258847107f34b9621a5d8f843da1e06350870c784dbbaecd675bae7fadec32a
- SHA512
  
  e44cf55774bbce4ed20bc1fbe21971fbbc3fcdb2af7555bf2f022266a5b1320f4c83514e1826149dce6206427cb51db05c4086996b2c7f3ab019e7bae75dada8
Score

10^/10

trickbot tot632 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2