trickbot | trickbot[.]payload-disk-1

General

Target

trickbot.payload-disk-1
Size

145KB
MD5

1961ed2de9f5fb8669cf0c699ca0628a
SHA1

40d57d028d6e965744cbde45121dcd1a836f223b
SHA256

38359159324ec6bd77e15269f62a9afb9d6e5c02a994549296901eefdce35d3e
SHA512

f32ba80ff0a6b6a708aa737a0103e629f07f24e6a9818d3b41c70e56d5633596d1535ef0b9fd86e46c06e248df5f7f7f458e54c3f62a2f692470d85d9fe77928
SSDEEP

1536:ILu0yhDX53mhsUbZom7kj4Si0e0WdUB7cquosPE5sXwH0EA0GvNMe2hBvuPY0g4t:p0y1X53Of76s0eodYP2sgH0ww27WPnr

Score

10^/10

lib101 trickbot

Malware Config

Extracted

Family

trickbot

Version

100018

Botnet

lib101

C2

38.110.103.124:443

185.56.76.28:443

204.138.26.60:443

60.51.47.65:443

74.85.157.139:443

68.69.26.182:443

38.110.103.136:443

38.110.103.18:443

138.34.28.219:443

185.56.76.94:443

217.115.240.248:443

24.162.214.166:443

80.15.2.105:443

154.58.23.192:443

38.110.100.104:443

45.36.99.184:443

185.56.76.108:443

185.56.76.72:443

138.34.28.35:443

97.83.40.67:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Signatures

Trickbot family
trickbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
trickbot.payload-disk-1

Files

trickbot.payload-disk-1
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 133KB - Virtual size: 132KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 133KB - Virtual size: 132KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB