Triage | Malware sandboxing report by Hatching Triage

Resubmissions

28-12-2022 22:31

221228-2fqb8sbg86 10

14-12-2022 23:42

221214-3qdxmabd63 10

25-11-2022 08:33

221125-kfz31ahd2z 10

Sharing

General

Target

78aa81912f72c1c1f91ca07a8172387b2694f140e155029e5e913d20b166aeef
Size

340KB
Sample

221125-kfz31ahd2z
MD5

8cae5869e6826b0b592e5ac2e6eafc19
SHA1

3915ebc715e3ceb76d681048d83e18077d745106
SHA256

78aa81912f72c1c1f91ca07a8172387b2694f140e155029e5e913d20b166aeef
SHA512

14805b1d039e22ac99fba363cd966852d4a19ebeb99547eabc0dc8fed89c70157c2def3f970ec7877653b3568a9aa8d284de4dbca0ee4022f21262829ad6ad02
SSDEEP

6144:knLnX/q0zG+QAx0eW/IS3bgdE+OLz5yT9N6LzKhkYU:kDXg+QA/6b9nn5yJNkYU

Score

10^/10

trickbot mon47 banker packer trojan

Malware Config

Extracted

Family	trickbot
Version	100011
Botnet	mon47
C2	194.5.249.156:443 142.202.191.164:443 193.8.194.96:443 45.155.173.242:443 108.170.20.75:443 185.163.45.138:443 94.140.114.136:443 134.119.186.202:443 200.52.147.93:443 45.230.244.20:443 186.250.157.116:443 186.137.85.76:443 36.94.62.207:443 182.253.107.34:443 194.5.249.156:443 142.202.191.164:443 193.8.194.96:443 45.155.173.242:443 108.170.20.75:443 185.163.45.138:443 94.140.114.136:443 134.119.186.202:443 200.52.147.93:443 45.230.244.20:443 186.250.157.116:443 186.137.85.76:443 36.94.62.207:443 182.253.107.34:443
Attributes	autorun Name:pwgrab
ecc_pubkey.base64

Targets

- Target
  
  78aa81912f72c1c1f91ca07a8172387b2694f140e155029e5e913d20b166aeef
- Size
  
  340KB
- MD5
  
  8cae5869e6826b0b592e5ac2e6eafc19
- SHA1
  
  3915ebc715e3ceb76d681048d83e18077d745106
- SHA256
  
  78aa81912f72c1c1f91ca07a8172387b2694f140e155029e5e913d20b166aeef
- SHA512
  
  14805b1d039e22ac99fba363cd966852d4a19ebeb99547eabc0dc8fed89c70157c2def3f970ec7877653b3568a9aa8d284de4dbca0ee4022f21262829ad6ad02
- SSDEEP
  
  6144:knLnX/q0zG+QAx0eW/IS3bgdE+OLz5yT9N6LzKhkYU:kDXg+QA/6b9nn5yJNkYU
Score

10^/10

trickbot mon47 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

trickbotmon47bankerpackertrojan

behavioral2

trickbotmon47bankerpackertrojan