trickbot

General

Target

5b99daa58d2f59f7066c1d0ce82884217e3ad693d6f5f26ed351f96754a790cb
Size

424KB
Sample

220708-kfdvrsbeb9
MD5

a0c729c01ea861b5a20294303a612b9f
SHA1

ae122915a28c02908e1088670914962b827c42e0
SHA256

5b99daa58d2f59f7066c1d0ce82884217e3ad693d6f5f26ed351f96754a790cb
SHA512

976ec722e3c459b5a7158a9b5fc5414b7d40b5ad636e3b1cac8b3911f5b2cf2ccb8fa0c87d5c384f4d8bca5f564d44e178a0e6e491055d470ae95d333a568a6a

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100009

Botnet

lib5

C2

149.54.11.54:449

36.89.191.119:449

41.159.31.227:449

103.150.68.124:449

103.126.185.7:449

103.112.145.58:449

103.110.53.174:449

102.164.208.44:449

194.5.249.143:443

142.202.191.175:443

195.123.241.31:443

45.89.125.214:443

45.83.151.103:443

91.200.103.41:443

66.70.246.0:443

64.74.160.218:443

198.46.198.115:443

5.34.180.173:443

23.227.196.5:443

195.123.241.115:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  5b99daa58d2f59f7066c1d0ce82884217e3ad693d6f5f26ed351f96754a790cb
- Size
  
  424KB
- MD5
  
  a0c729c01ea861b5a20294303a612b9f
- SHA1
  
  ae122915a28c02908e1088670914962b827c42e0
- SHA256
  
  5b99daa58d2f59f7066c1d0ce82884217e3ad693d6f5f26ed351f96754a790cb
- SHA512
  
  976ec722e3c459b5a7158a9b5fc5414b7d40b5ad636e3b1cac8b3911f5b2cf2ccb8fa0c87d5c384f4d8bca5f564d44e178a0e6e491055d470ae95d333a568a6a
Score

10^/10

trickbot lib5 banker trojan suricata
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
  suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
  suricata
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2