Resubmissions

  • 28-12-2022 22:31  221228-2fqb8sbg86  10
  • 14-12-2022 23:42  221214-3qdxmabd63  10
  • 25-11-2022 08:33  221125-kfz31ahd2z  10

General

  • Target: 78aa81912f72c1c1f91ca07a8172387b2694f140e155029e5e913d20b166aeef
  • Size: 340KB
  • Sample: 221125-kfz31ahd2z
  • MD5: 8cae5869e6826b0b592e5ac2e6eafc19
  • SHA1: 3915ebc715e3ceb76d681048d83e18077d745106
  • SHA256: 78aa81912f72c1c1f91ca07a8172387b2694f140e155029e5e913d20b166aeef
  • SHA512: 14805b1d039e22ac99fba363cd966852d4a19ebeb99547eabc0dc8fed89c70157c2def3f970ec7877653b3568a9aa8d284de4dbca0ee4022f21262829ad6ad02
  • SSDEEP: 6144:knLnX/q0zG+QAx0eW/IS3bgdE+OLz5yT9N6LzKhkYU:kDXg+QA/6b9nn5yJNkYU

Malware Config

Extracted

  • Family: trickbot
  • Version: 100011
  • Botnet: mon47

C2


Attributes
autorun
Name:pwgrab
ecc_pubkey.base64

Targets


    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.
