trickbot | e23eb97093080ea94f494631b59d0e9baa860bbacb5f7b970b20339186ebdea3 | Triage

Sharing

General

Target

e23eb97093080ea94f494631b59d0e9baa860bbacb5f7b970b20339186ebdea3
Size

347KB
Sample

230129-whc7sshe6t
MD5

f29c32025fee487c7bbbf3e23ad04ead
SHA1

90ae88e6edd4159d4be6edfcb25ec42af6b98523
SHA256

e23eb97093080ea94f494631b59d0e9baa860bbacb5f7b970b20339186ebdea3
SHA512

7f63fbbe608f2db73e98d0389b296f125f11c23375f0fdc023dc399e36fec396680769f4f7344fd05a52282934e493b9ae61b69b2c6b6fb9e86558ece76c5153
SSDEEP

6144:nehCU2WtxIp8CblMs7pwg1ham082O8p9p+fDxV3GPAyt4ZbwK7GeI:naCU2QE8CblMs7px4m039p+LOAA4uKCv

Score

10^/10

trickbot mon68 banker packer trojan

Malware Config

Extracted

Family

trickbot

Version

100011

Botnet

mon68

C2

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  e23eb97093080ea94f494631b59d0e9baa860bbacb5f7b970b20339186ebdea3
- Size
  
  347KB
- MD5
  
  f29c32025fee487c7bbbf3e23ad04ead
- SHA1
  
  90ae88e6edd4159d4be6edfcb25ec42af6b98523
- SHA256
  
  e23eb97093080ea94f494631b59d0e9baa860bbacb5f7b970b20339186ebdea3
- SHA512
  
  7f63fbbe608f2db73e98d0389b296f125f11c23375f0fdc023dc399e36fec396680769f4f7344fd05a52282934e493b9ae61b69b2c6b6fb9e86558ece76c5153
- SSDEEP
  
  6144:nehCU2WtxIp8CblMs7pwg1ham082O8p9p+fDxV3GPAyt4ZbwK7GeI:naCU2QE8CblMs7px4m039p+LOAA4uKCv
Score

10^/10

trickbot mon68 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotmon68bankerpackertrojan

behavioral2

trickbotmon68bankerpackertrojan