trickbot

General

Target

2587e94f3bc1ae54ff7732984925def76de934b3e1b1f7407bd66491db18f7e0
Size

308KB
Sample

240410-lz9xzsef4s
MD5

582671a5b5f2170a49333296aa81b84b
SHA1

5e35f891922b5d724a4b6f37eb9609ea47e00fc5
SHA256

2587e94f3bc1ae54ff7732984925def76de934b3e1b1f7407bd66491db18f7e0
SHA512

3ea32e3a86b920610b2d9c9fbb97462dbbb8bfbcf20a5a724e2d907a1e6ee1858e2b7b9f8facd3015918e51eedb5cac170c3306eb07548d452fc19002b8db406
SSDEEP

6144:N5ac4RVUnKmLYjTC8aiCZsZbgi07Iml9vl2J8HjnX9jf:N5h3nKm0jTC8afsZbJ0Im3vEJ8DnNjf

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000030

Botnet

rob91

C2

196.43.106.38:443

186.97.172.178:443

37.228.70.134:443

144.48.139.206:443

190.110.179.139:443

172.105.15.152:443

177.67.137.111:443

27.72.107.215:443

186.66.15.10:443

189.206.78.155:443

202.131.227.229:443

185.9.187.10:443

196.41.57.46:443

212.200.25.118:443

197.254.14.238:443

45.229.71.211:443

181.167.217.53:443

181.129.116.58:443

185.189.55.207:443

172.104.241.29:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  2587e94f3bc1ae54ff7732984925def76de934b3e1b1f7407bd66491db18f7e0
- Size
  
  308KB
- MD5
  
  582671a5b5f2170a49333296aa81b84b
- SHA1
  
  5e35f891922b5d724a4b6f37eb9609ea47e00fc5
- SHA256
  
  2587e94f3bc1ae54ff7732984925def76de934b3e1b1f7407bd66491db18f7e0
- SHA512
  
  3ea32e3a86b920610b2d9c9fbb97462dbbb8bfbcf20a5a724e2d907a1e6ee1858e2b7b9f8facd3015918e51eedb5cac170c3306eb07548d452fc19002b8db406
- SSDEEP
  
  6144:N5ac4RVUnKmLYjTC8aiCZsZbgi07Iml9vl2J8HjnX9jf:N5h3nKm0jTC8afsZbJ0Im3vEJ8DnNjf
Score

10^/10

trickbot rob91 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Templ.dll packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2