trickbot

General

Target

3e296cf29631c3e17a505381d2478557_JaffaCakes118
Size

600KB
Sample

240513-ha9n5sdf27
MD5

3e296cf29631c3e17a505381d2478557
SHA1

22de3b53dfcbdf47e1204a1505a6e74d3193a7b1
SHA256

3a409f01ceee179db5d5276d00c5dfb0dee633ff9d68bbd0ee5b1a95d0a13242
SHA512

57a268290f248fa90931a4bc4f0ba78fb982d2c12b2bf1c71d1ac7903c83763b190360db69d943d850a0ac7cf72c4067021e2f7bbdc6393cd8a353f451d87900
SSDEEP

12288:NPv2vczkIkkvkkkkkkkkXk4n7rF4n7rUg1gzkIkkvkkkkkkkkXLyubClYMTjwaYw:N9g4t4sg1ghbjMvwFw

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000513

Botnet

ono67

C2

51.89.177.20:443

194.5.249.174:443

107.174.196.242:443

185.205.209.241:443

82.146.46.220:443

5.34.178.126:443

212.22.70.65:443

195.123.241.90:443

185.164.32.214:443

198.46.198.139:443

195.123.241.187:443

86.104.194.116:443

195.123.240.252:443

185.164.32.215:443

45.148.120.195:443

45.138.158.32:443

5.149.253.99:443

92.62.65.163:449

88.247.212.56:449

180.211.170.214:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  3e296cf29631c3e17a505381d2478557_JaffaCakes118
- Size
  
  600KB
- MD5
  
  3e296cf29631c3e17a505381d2478557
- SHA1
  
  22de3b53dfcbdf47e1204a1505a6e74d3193a7b1
- SHA256
  
  3a409f01ceee179db5d5276d00c5dfb0dee633ff9d68bbd0ee5b1a95d0a13242
- SHA512
  
  57a268290f248fa90931a4bc4f0ba78fb982d2c12b2bf1c71d1ac7903c83763b190360db69d943d850a0ac7cf72c4067021e2f7bbdc6393cd8a353f451d87900
- SSDEEP
  
  12288:NPv2vczkIkkvkkkkkkkkXk4n7rF4n7rUg1gzkIkkvkkkkkkkkXLyubClYMTjwaYw:N9g4t4sg1ghbjMvwFw
Score

10^/10

trickbot ono67 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2