trickbot

General

Target

882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118
Size

436KB
Sample

240531-yr12bscb84
MD5

882e2c2b51650e2fec7529ae437fc3a5
SHA1

5abc069eaf62469f4032e0cdf46efcc1b1a61fe0
SHA256

b1ebdd1e1d490919894d339d4d512ef25f382d18a77557fd28785ef4fcd2afdd
SHA512

0ebbb91c318642189d65ca3fcac8565dbed80cd030af801aa1b129e3380b0441bdcba42abc5c1c90b23f3637a223718ee548e1da350427d25cdaa2653ce5bc33
SSDEEP

12288:NSwD3oXqDZY8Ah9YNQK20hjrmDfcX63iuO9SdqED8fAmYkZe3K0+6Q3tnf39yo1y:MEF2

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000113

Botnet

tot2

C2

94.127.111.14:449

62.69.241.103:449

62.109.14.24:443

185.234.15.180:443

185.234.15.183:443

92.63.102.238:443

92.63.97.53:443

92.63.97.233:443

109.234.35.29:443

92.63.97.73:443

193.233.62.60:443

194.87.146.135:443

193.233.62.6:443

92.63.107.175:443

194.87.102.214:443

92.63.105.134:443

194.87.103.210:443

78.155.218.137:443

109.234.34.143:443

95.213.237.49:443

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll

ecc_pubkey.base64

Targets

- Target
  
  882e2c2b51650e2fec7529ae437fc3a5_JaffaCakes118
- Size
  
  436KB
- MD5
  
  882e2c2b51650e2fec7529ae437fc3a5
- SHA1
  
  5abc069eaf62469f4032e0cdf46efcc1b1a61fe0
- SHA256
  
  b1ebdd1e1d490919894d339d4d512ef25f382d18a77557fd28785ef4fcd2afdd
- SHA512
  
  0ebbb91c318642189d65ca3fcac8565dbed80cd030af801aa1b129e3380b0441bdcba42abc5c1c90b23f3637a223718ee548e1da350427d25cdaa2653ce5bc33
- SSDEEP
  
  12288:NSwD3oXqDZY8Ah9YNQK20hjrmDfcX63iuO9SdqED8fAmYkZe3K0+6Q3tnf39yo1y:MEF2
Score

10^/10

trickbot tot2 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2