trickbot

General

Target

72b5f100dfd944d7ccc2f3be2f8ad1d2_JaffaCakes118
Size

225KB
Sample

240525-vznjesbh21
MD5

72b5f100dfd944d7ccc2f3be2f8ad1d2
SHA1

c09baf56de578ed27f991913fd48faddb84e681e
SHA256

75a3d4745aef792b27072ba481d9603d6aedc02de66a81414ed3cab6523cd896
SHA512

93ae16a696200444c922910b093196e06f61a5673de4ed63a3a1d5ee1e2fcf7229430f9d146a6b9f8f23178716e0e5d7fe6a24f8534cc3751af64e4d01272d15
SSDEEP

6144:wrtuSXcB01RwHnz/Ze2WnnnnhjigW9cFUJI5lwUCcrXl0W9MgkztHl:wrtnXUu6nDZe2Wnnnnhjig1XfXl0W9MH

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000088

Botnet

kas87

C2

187.188.162.150:449

83.0.245.234:449

149.154.68.252:443

194.87.111.10:443

194.87.93.0:443

185.228.232.173:443

194.87.111.131:443

185.228.232.175:443

62.109.11.80:443

91.211.246.180:443

91.211.246.195:443

91.211.246.47:443

185.228.232.209:443

78.24.218.150:443

92.63.97.68:443

194.87.234.31:443

82.146.61.187:443

80.87.199.210:443

82.146.59.149:443

188.120.247.223:443

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll

ecc_pubkey.base64

Targets

- Target
  
  72b5f100dfd944d7ccc2f3be2f8ad1d2_JaffaCakes118
- Size
  
  225KB
- MD5
  
  72b5f100dfd944d7ccc2f3be2f8ad1d2
- SHA1
  
  c09baf56de578ed27f991913fd48faddb84e681e
- SHA256
  
  75a3d4745aef792b27072ba481d9603d6aedc02de66a81414ed3cab6523cd896
- SHA512
  
  93ae16a696200444c922910b093196e06f61a5673de4ed63a3a1d5ee1e2fcf7229430f9d146a6b9f8f23178716e0e5d7fe6a24f8534cc3751af64e4d01272d15
- SSDEEP
  
  6144:wrtuSXcB01RwHnz/Ze2WnnnnhjigW9cFUJI5lwUCcrXl0W9MgkztHl:wrtnXUu6nDZe2Wnnnnhjig1XfXl0W9MH
Score

10^/10

trickbot kas87 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2