trickbot

General

Target

5f0f526224662093e053e734c0efee8f820c8664573bdf95bd20d4558814d4d9
Size

509KB
Sample

220731-w2kqzsbah5
MD5

5de0159c82fdd78e94b2565d105d3dae
SHA1

2b267c1cfde9af7d1807983f69d83cff234d0fe6
SHA256

5f0f526224662093e053e734c0efee8f820c8664573bdf95bd20d4558814d4d9
SHA512

8100297f681243c29d5d4e33d48d8bfa64b0dbef6530f8a1b78d6120a15f04d8ccc8a034865d5c9321e5bab97098ab2673385f1de62e3fb463a548ab5dc0cd94

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000231

Botnet

ser0719

C2

138.34.32.218:443

178.78.202.189:443

85.9.212.117:443

93.109.242.134:443

103.210.30.201:443

158.58.131.54:443

87.117.146.63:443

118.200.151.113:443

89.117.107.13:443

109.86.227.152:443

200.2.126.98:443

31.29.62.112:443

83.167.164.81:443

194.68.23.182:443

182.253.210.130:449

77.89.86.93:443

70.79.178.120:449

68.109.83.22:443

185.129.193.221:443

184.68.167.42:443

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll

ecc_pubkey.base64

Targets

- Target
  
  5f0f526224662093e053e734c0efee8f820c8664573bdf95bd20d4558814d4d9
- Size
  
  509KB
- MD5
  
  5de0159c82fdd78e94b2565d105d3dae
- SHA1
  
  2b267c1cfde9af7d1807983f69d83cff234d0fe6
- SHA256
  
  5f0f526224662093e053e734c0efee8f820c8664573bdf95bd20d4558814d4d9
- SHA512
  
  8100297f681243c29d5d4e33d48d8bfa64b0dbef6530f8a1b78d6120a15f04d8ccc8a034865d5c9321e5bab97098ab2673385f1de62e3fb463a548ab5dc0cd94
Score

10^/10

trickbot banker trojan ser0719
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot x86 loader
  Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot x86 loader

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2