General

  • Target

    TribotFullVersion.exe

  • Size

    11.2MB

  • Sample

    240403-x2l5gsab8z

  • MD5

    223bbc10146d34f73ca3249327bf2664

  • SHA1

    bb7dcc00d2bd7f357f7295d947ba2fb6421c079a

  • SHA256

    0a1b77b27f91393605794e7a1eced00fbe0e905f562d274760126330be9da87a

  • SHA512

    eaed9d7e886f540f45b03cf6f3b374d7c37b8b913d4aa54a7618899b223d3744fafb45ab3bae0dae571dd520cf3370374eb9be2b27df978efd9855556431a65f

  • SSDEEP

    196608:7vSHPEkrE8rWRrkqBA1HeT39Iigw7vKub75bcjWgb66e7Ger2REzfPwkZimGio13:7SvEkw8rQjq1+TtIiF7vB5IjWq66ed+X
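
The first thing to do with a report like this is confirm that the file on your own disk is the same sample. The following Python is an added example (not part of the report and not Tria.ge tooling) that computes the four cryptographic digests listed above in one pass and compares them with the reported values. The `REPORTED` table is copied from the report; the single-pass helper and the in-memory `bytes` path are assumptions for illustration. SSDEEP is not in the standard library (the `ssdeep` or `ppdeep` packages provide it), so the fuzzy hash is not covered here.

```python
import hashlib
from pathlib import Path
from typing import Dict, Union

# Digests exactly as listed in the report for TribotFullVersion.exe.
REPORTED: Dict[str, str] = {
    "md5": "223bbc10146d34f73ca3249327bf2664",
    "sha1": "bb7dcc00d2bd7f357f7295d947ba2fb6421c079a",
    "sha256": "0a1b77b27f91393605794e7a1eced00fbe0e905f562d274760126330be9da87a",
    "sha512": (
        "eaed9d7e886f540f45b03cf6f3b374d7c37b8b913d4aa54a7618899b223d3744"
        "fafb45ab3bae0dae571dd520cf3370374eb9be2b27df978efd9855556431a65f"
    ),
}


def digest_all(data: Union[bytes, bytearray, Path, str], chunk: int = 1 << 20) -> Dict[str, str]:
    """Compute md5/sha1/sha256/sha512 in a single read of the input.

    Accepts raw bytes (handy for tests) or a path to a file on disk. Reading in
    1 MiB chunks keeps memory flat for large samples such as this 11.2 MB binary.
    """
    hashers = {name: hashlib.new(name) for name in REPORTED}
    if isinstance(data, (bytes, bytearray)):
        for h in hashers.values():
            h.update(data)
    else:
        with open(data, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                for h in hashers.values():
                    h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def check_against_report(data, reported: Dict[str, str] = REPORTED) -> Dict[str, bool]:
    """Per-algorithm match table; a partial match means a different file, not a near miss."""
    actual = digest_all(data)
    return {name: actual[name] == value.lower() for name, value in reported.items()}


def is_reported_sample(data, reported: Dict[str, str] = REPORTED) -> bool:
    """True only when every reported digest matches."""
    return all(check_against_report(data, reported).values())


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    if target is None:
        print("usage: verify_sample.py <path-to-TribotFullVersion.exe>")
    else:
        for algo, ok in check_against_report(target).items():
            print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
        print("same sample as report:", is_reported_sample(target))
```

Run it as `python verify_sample.py TribotFullVersion.exe`. Treat any single mismatch as "not this sample": with four independent digests, a collision on some but not all of them does not happen by accident.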

Malware Config

Targets

    • Target

      TribotFullVersion.exe

    • Size

      11.2MB

    • MD5

      223bbc10146d34f73ca3249327bf2664

    • SHA1

      bb7dcc00d2bd7f357f7295d947ba2fb6421c079a

    • SHA256

      0a1b77b27f91393605794e7a1eced00fbe0e905f562d274760126330be9da87a

    • SHA512

      eaed9d7e886f540f45b03cf6f3b374d7c37b8b913d4aa54a7618899b223d3744fafb45ab3bae0dae571dd520cf3370374eb9be2b27df978efd9855556431a65f

    • SSDEEP

      196608:7vSHPEkrE8rWRrkqBA1HeT39Iigw7vKub75bcjWgb66e7Ger2REzfPwkZimGio13:7SvEkw8rQjq1+TtIiF7vB5IjWq66ed+X

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
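
The six signatures above are behavioural, so they are best reproduced by rules over the sandbox's event stream rather than by static indicators. The following Python is an added example (not part of the report, and not Tria.ge's own detection logic) that matches each of the six signatures over a list of process-monitor style events. The event schema (`op`, `path`, `host`), the constructed `SAMPLE_EVENTS`, and the browser, wallet, IP-lookup and hosting-service indicator lists are all assumptions for illustration; the report does not say which paths or services this sample actually touched.

```python
import re
from typing import Dict, Iterable, List, Set

# --- Indicator lists (assumed, illustrative; extend to taste) -------------------------
# Browser profile stores that hold saved logins, cookies and autofill data.
BROWSER_PROFILE = re.compile(
    r"(\\google\\chrome\\user data\\|\\microsoft\\edge\\user data\\|\\mozilla\\firefox\\profiles\\)"
    r".*(login data|cookies|web data|logins\.json|key4\.db|cookies\.sqlite)$"
)
# Common desktop wallet locations and the classic Bitcoin Core key file.
WALLET = re.compile(r"(wallet\.dat$|\\exodus\\|\\electrum\\|\\ethereum\\keystore\\|\\atomic\\)")
# Per-user Startup folder; anything written here runs at next logon.
STARTUP = re.compile(r"\\start menu\\programs\\startup\\")
# Public "what is my IP" services commonly used by stealers for victim geolocation.
IP_LOOKUP: Set[str] = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com", "checkip.amazonaws.com"}
# Legitimate services that are routinely abused as payload hosts or C2 channels.
HOSTING: Set[str] = {"cdn.discordapp.com", "pastebin.com", "raw.githubusercontent.com", "api.telegram.org"}

SIG_STARTUP = "Drops startup file"
SIG_DROPPED_DLL = "Loads dropped DLL"
SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_WALLET = "Accesses cryptocurrency files/wallets, possible credential harvesting"
SIG_HOSTING = "Legitimate hosting services abused for malware hosting/C2"
SIG_IP_LOOKUP = "Looks up external IP address via web service"

# Constructed event stream (not taken from the report) in a generic process-monitor shape.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"},
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"op": "image_load", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"op": "file_read", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "file_read", "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"op": "dns", "host": "api.ipify.org"},
    {"op": "dns", "host": "cdn.discordapp.com"},
    {"op": "file_read", "path": r"C:\Windows\System32\kernel32.dll"},
]


def _norm(path: str) -> str:
    """Normalise slashes and case so the regexes above can be written once."""
    return path.replace("/", "\\").lower()


def match_signatures(events: Iterable[Dict[str, str]]) -> List[str]:
    """Return the sorted set of signature names triggered by an event stream.

    'Loads dropped DLL' is stateful: the DLL must have been written by the
    monitored process earlier in the same stream, otherwise loading a DLL from
    a temp directory is not evidence of dropping.
    """
    hits: Set[str] = set()
    dropped: Set[str] = set()
    for ev in events:
        op = ev.get("op")
        path = _norm(ev.get("path", ""))
        if op == "file_write":
            dropped.add(path)
            if STARTUP.search(path):
                hits.add(SIG_STARTUP)
        elif op == "image_load":
            if path.endswith(".dll") and path in dropped:
                hits.add(SIG_DROPPED_DLL)
        elif op == "file_read":
            if BROWSER_PROFILE.search(path):
                hits.add(SIG_BROWSER)
            if WALLET.search(path):
                hits.add(SIG_WALLET)
        elif op == "dns":
            host = ev.get("host", "").lower()
            if host in IP_LOOKUP:
                hits.add(SIG_IP_LOOKUP)
            if host in HOSTING:
                hits.add(SIG_HOSTING)
    return sorted(hits)


if __name__ == "__main__":
    for name in match_signatures(SAMPLE_EVENTS):
        print("-", name)
```

Two caveats a practitioner would add: the hosting-service rule fires on legitimate use of those domains as well (any program that fetches an update from GitHub would trip it), so on its own it is context, not a verdict; and the browser and wallet rules only see file reads the sandbox captured, so a sample that reads these stores through a helper process or an injected thread needs the events attributed to the parent before this logic will catch it.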

MITRE ATT&CK Enterprise v15

Tasks