trickbot

General

Target

09f30904b19ce6457f78b9c5bda580e6_JaffaCakes118
Size

288KB
Sample

240430-rq7zxsgh7t
MD5

09f30904b19ce6457f78b9c5bda580e6
SHA1

f11825eb457a3965f047a7b23e84a88163dde7eb
SHA256

9c3000a3f533570e1faadd7cf8f23eb97a00aab0fac95c2e54debdf1a6f051ac
SHA512

cde1d43467f66ef618337f101db0195d349f6ac0d56ab5fdfe9cc53de1ac411333465fc7a96e0bebefa913b48f122b0bed5aa7c86133e62de9d7a6e50c16b65d
SSDEEP

6144:beJgC42Pk0kWQ2rkvwdv5nmVUjCSf+/LZmCItYhWcwwa9Rs+e79yF:beJ839rVUjCtKtM1ak+Gq

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000512

Botnet

chil43

C2

95.171.16.42:443

185.90.61.9:443

5.1.81.68:443

185.99.2.65:443

134.119.191.11:443

85.204.116.100:443

78.108.216.47:443

51.81.112.144:443

194.5.250.121:443

185.14.31.104:443

185.99.2.66:443

107.175.72.141:443

192.3.247.123:443

134.119.191.21:443

85.204.116.216:443

91.235.129.20:443

181.129.104.139:449

181.112.157.42:449

181.129.134.18:449

131.161.253.190:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  024d1e75caece924601857b3e631b56936784215267c89d4ebc20f32258fa689.dll
- Size
  
  523KB
- MD5
  
  b639dd87bf7b264f6f9abf7a539cc820
- SHA1
  
  bbede20621c9c3c2f9ae12951161510898943576
- SHA256
  
  024d1e75caece924601857b3e631b56936784215267c89d4ebc20f32258fa689
- SHA512
  
  5c610963212ee97bc6f54a146e46f7066d589583bc2a7e5bafbbdb024394f06d0d63191bef84ad117565e0290eb60c3ef41939965b0e855104c306f9c2d8a78e
- SSDEEP
  
  6144:jVgB84PzDjnZtI9l1RZWhprVUGpZAo6j1/iFi0MWFVIuSPsLc5S+wT7g7A/o:jGBLDjkFRZUVBDAo4qk0MlY2M87A/o
Score

10^/10

trickbot chil43 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Templ.dll packer

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2