General

  • Target

    VirusShare_01b55404de50bd1a56343b2f316ff88d

  • Size

    121KB

  • Sample

    230322-31wv7acb79

  • MD5

    01b55404de50bd1a56343b2f316ff88d

  • SHA1

    8a6b9599d3e71c83eaef7f5a23df21b4f41370b1

  • SHA256

    69bd652ace6469311a49a12f66bbbc691bdfc69aba958dd02d928464cbb46609

  • SHA512

    f1ec4bf6768dea2edc53c72dd7c884641a464f4268d21480bb55fbdb1079b8c5c9fb50eab4b29d13acb4a8682ca6ae291341e01b748e228b185676e48df2e598

  • SSDEEP

    3072:JrhJGtDfYtWAh3A8lKl+/63VBwxkbwQXz8lFTnc:JrhJoDfY13KE/qVlNYvnc

Malware Config

Extracted

Family

trickbot

Version

1000501

Botnet

ono33

C2

5.182.210.226:443

5.182.210.120:443

185.65.202.183:443

212.80.217.243:443

85.143.218.249:443

194.5.250.178:443

198.15.119.121:443

107.175.87.142:443

185.14.31.72:443

188.165.62.2:443

194.5.250.179:443

198.15.119.71:443

185.14.29.4:443

185.99.2.202:443

192.3.193.162:443

89.191.234.89:443

195.54.32.12:443

31.131.21.30:443

5.34.177.194:443

190.214.13.2:449

Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Targets

    • Target

      VirusShare_01b55404de50bd1a56343b2f316ff88d

    • Size

      121KB

    • MD5

      01b55404de50bd1a56343b2f316ff88d

    • SHA1

      8a6b9599d3e71c83eaef7f5a23df21b4f41370b1

    • SHA256

      69bd652ace6469311a49a12f66bbbc691bdfc69aba958dd02d928464cbb46609

    • SHA512

      f1ec4bf6768dea2edc53c72dd7c884641a464f4268d21480bb55fbdb1079b8c5c9fb50eab4b29d13acb4a8682ca6ae291341e01b748e228b185676e48df2e598

    • SSDEEP

      3072:JrhJGtDfYtWAh3A8lKl+/63VBwxkbwQXz8lFTnc:JrhJoDfY13KE/qVlNYvnc

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082

Tasks