General

  • Target

    8bc4c1259eea3ffcde25921b4ea67842

  • Size

    391KB

  • Sample

    240203-jhbmraefcl

  • MD5

    8bc4c1259eea3ffcde25921b4ea67842

  • SHA1

    5428ccd59bed8244855c2488173988cd0b83695a

  • SHA256

    6ee919f12040c59637220ea3f8e6c15467ea29402ae6fb6446456ba586c34532

  • SHA512

    8bb15b2f87b08917adfd708e911d9b7cd54f5d6f489573b67eb19efea33bc9fcb0fb713162426f0fa7e3da3282f6093e47fe198220287dad29528128532f1e23

  • SSDEEP

    6144:vhhpC5Qc7xvbx238uLIKOZQip4JVzgiRk40SV5IuRp6a4Zu:85QctcvLI5Dp4rzgiB+qka4Zu

Malware Config

Extracted

Family

trickbot

Version

2000033

Botnet

tot144

C2


Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.
