trickbot | f1b9d5520ba13179e19b336e542d18b0bd9f39a2b41d88a739625c8480422b73 | Triage

Sharing

General

Target

397263-mon48_crdll.dll
Size

329KB
Sample

230702-p6e8qsbf38
MD5

48cab21fcbe254e7c83f4c1d455a39dc
SHA1

b96c1f765abb14eb401cacab6f6e203c3a255df9
SHA256

f1b9d5520ba13179e19b336e542d18b0bd9f39a2b41d88a739625c8480422b73
SHA512

0375a26a2d6d8990d202b75b4cb6797d03300ddc077c4dcb05778365212644ee49ce6e437fde0b77e1b8179d01ffad028635869d2f3897333b85471724d15ebc
SSDEEP

6144:aNwmpjb5sDo7TgHLC8X9cL4MoOm/ELg22LCs+7/WRE:aFHs5C8e4MPgELILCs8/EE

Score

10^/10

trickbot mon48 banker packer trojan

Malware Config

Extracted

Family

trickbot

Version

100011

Botnet

mon48

C2

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  397263-mon48_crdll.dll
- Size
  
  329KB
- MD5
  
  48cab21fcbe254e7c83f4c1d455a39dc
- SHA1
  
  b96c1f765abb14eb401cacab6f6e203c3a255df9
- SHA256
  
  f1b9d5520ba13179e19b336e542d18b0bd9f39a2b41d88a739625c8480422b73
- SHA512
  
  0375a26a2d6d8990d202b75b4cb6797d03300ddc077c4dcb05778365212644ee49ce6e437fde0b77e1b8179d01ffad028635869d2f3897333b85471724d15ebc
- SSDEEP
  
  6144:aNwmpjb5sDo7TgHLC8X9cL4MoOm/ELg22LCs+7/WRE:aFHs5C8e4MPgELILCs8/EE
Score

10^/10

trickbot mon48 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotmon48bankerpackertrojan

behavioral2

trickbotmon48bankerpackertrojan