trickbot

General

Target

3d1322b352d4ae3d6aa807055748c1f2eeedda11af6a79a6484edfc124589127
Size

708KB
Sample

230519-ten4sahc9x
MD5

de3478a4e777a992ca4129b107ed74c6
SHA1

2fd371c73d1fc9ed9690d400e770e32ad7665db9
SHA256

3d1322b352d4ae3d6aa807055748c1f2eeedda11af6a79a6484edfc124589127
SHA512

1597f3895952a98bed0e625da27cc808c5fdbab2beaf96d9e042538d33e33ea5a279205d5a146d44d8a915503cf72e3ac988da4abbb2739e7ae6b142320232e7
SSDEEP

12288:RrWHBIB7EQKzTBS+FrmAlK3wg5MQrahTXYxZp:UBIp88uSIKgl1hTIh

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

lip148

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  3d1322b352d4ae3d6aa807055748c1f2eeedda11af6a79a6484edfc124589127
- Size
  
  708KB
- MD5
  
  de3478a4e777a992ca4129b107ed74c6
- SHA1
  
  2fd371c73d1fc9ed9690d400e770e32ad7665db9
- SHA256
  
  3d1322b352d4ae3d6aa807055748c1f2eeedda11af6a79a6484edfc124589127
- SHA512
  
  1597f3895952a98bed0e625da27cc808c5fdbab2beaf96d9e042538d33e33ea5a279205d5a146d44d8a915503cf72e3ac988da4abbb2739e7ae6b142320232e7
- SSDEEP
  
  12288:RrWHBIB7EQKzTBS+FrmAlK3wg5MQrahTXYxZp:UBIp88uSIKgl1hTIh
Score

10^/10

trickbot banker trojan lip148
- Contacts Bazar domain
  Uses Emercoin blockchain domains associated with Bazar backdoor/loader.
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Contacts Bazar domain

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2