trickbot | aa6612546099599e30b4c7d95f357723df58031852bb19e8bd6dbac485efade1 | Triage

Sharing

General

Target

aa6612546099599e30b4c7d95f357723df58031852bb19e8bd6dbac485efade1
Size

632KB
Sample

221125-lkcnyabg8y
MD5

e18aa52695fa09efc1e974e8dd29c6a4
SHA1

aae726703d5576bf74bed43ce1e6d4e79520f0d9
SHA256

aa6612546099599e30b4c7d95f357723df58031852bb19e8bd6dbac485efade1
SHA512

e1b17ea60e37f69ab0e9b710307bb42161a1eeb6b9c9789140d9e61cf6cf7bcc10a99ce86b22968d1b5fad519d50b5c913d93f116ca56719846e6327d65243d4
SSDEEP

12288:G6S+OExaxPySeIgS4DqjcOMHnTEF7klnM7n:GH+O/9MIgJqjcOMHnTpA

Score

10^/10

trickbot tot36 banker trojan

Malware Config

Extracted

Family

trickbot

Version

2000024

Botnet

tot36

C2

85.93.159.98:449

92.242.214.203:449

202.21.103.194:449

169.239.45.42:449

45.234.248.66:449

103.91.244.102:449

118.67.216.238:449

117.212.193.62:449

201.184.190.59:449

103.29.185.138:449

79.122.166.236:449

37.143.150.186:449

179.191.108.58:449

85.159.214.61:443

149.56.80.31:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  aa6612546099599e30b4c7d95f357723df58031852bb19e8bd6dbac485efade1
- Size
  
  632KB
- MD5
  
  e18aa52695fa09efc1e974e8dd29c6a4
- SHA1
  
  aae726703d5576bf74bed43ce1e6d4e79520f0d9
- SHA256
  
  aa6612546099599e30b4c7d95f357723df58031852bb19e8bd6dbac485efade1
- SHA512
  
  e1b17ea60e37f69ab0e9b710307bb42161a1eeb6b9c9789140d9e61cf6cf7bcc10a99ce86b22968d1b5fad519d50b5c913d93f116ca56719846e6327d65243d4
- SSDEEP
  
  12288:G6S+OExaxPySeIgS4DqjcOMHnTEF7klnM7n:GH+O/9MIgJqjcOMHnTpA
Score

10^/10

trickbot tot36 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbottot36bankertrojan

behavioral2

trickbottot36bankertrojan