trickbot | aa7931e3e85d3c5bd6fc2052c38bee389bfba9281a8616da3275149a689ec5eb | Triage

Sharing

General

Target

25056df6d3546de971eafe5da5f9ae44_JaffaCakes118
Size

4.4MB
Sample

240704-hqfq1azapr
MD5

25056df6d3546de971eafe5da5f9ae44
SHA1

179555b3d0391e45df29e651b8ed0342d02fe88a
SHA256

aa7931e3e85d3c5bd6fc2052c38bee389bfba9281a8616da3275149a689ec5eb
SHA512

8032a5bd9b07accc290b24fd2afa299afd12214026089665836fade7282f0d217ffd79f5a3a12fd64e0e08d4f6fa0a04a8b036b4cdc1f95356b0bf43d6a80b50
SSDEEP

49152:7SkyvIo/YMOZswCkQzvhtawebv5hW2/yF//4VPQw:NCetO//S9

Score

10^/10

trickbot rob60 banker packer trojan

Malware Config

Extracted

Family

trickbot

Version

100011

Botnet

rob60

C2

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  25056df6d3546de971eafe5da5f9ae44_JaffaCakes118
- Size
  
  4.4MB
- MD5
  
  25056df6d3546de971eafe5da5f9ae44
- SHA1
  
  179555b3d0391e45df29e651b8ed0342d02fe88a
- SHA256
  
  aa7931e3e85d3c5bd6fc2052c38bee389bfba9281a8616da3275149a689ec5eb
- SHA512
  
  8032a5bd9b07accc290b24fd2afa299afd12214026089665836fade7282f0d217ffd79f5a3a12fd64e0e08d4f6fa0a04a8b036b4cdc1f95356b0bf43d6a80b50
- SSDEEP
  
  49152:7SkyvIo/YMOZswCkQzvhtawebv5hW2/yF//4VPQw:NCetO//S9
Score

10^/10

trickbot rob60 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotrob60bankerpackertrojan

behavioral2

trickbotrob60bankerpackertrojan