trickbot | be974e1ac0c80224c35d49976e80b21dcbda291e6fc282b5aa26af01488e7fd7 | Triage

Sharing

General

Target

44669e0ff064dfc9e724391003dcde87_JaffaCakes118
Size

353KB
Sample

240714-fmdq5azdnb
MD5

44669e0ff064dfc9e724391003dcde87
SHA1

2a85323d7a18f375490b4316743792356917336c
SHA256

be974e1ac0c80224c35d49976e80b21dcbda291e6fc282b5aa26af01488e7fd7
SHA512

e67ae6c07e207928c45bac1bc05f42bf151ac19e0c3e3b73a0a9473549124a1dc8fd81f6ffc42001adc1579fc0250a24484374c721b0c47882938df21b992b7f
SSDEEP

6144:WFKu/DzWD+JOAQBHMa2Bgrc0P9eydIC5sCwllcQL727K7wbkQFV:WIckjAQGTCNP9vICCC2L729xV

Score

10^/10

trickbot mon55 banker packer trojan

Malware Config

Extracted

Family

trickbot

Version

100011

Botnet

mon55

C2

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  44669e0ff064dfc9e724391003dcde87_JaffaCakes118
- Size
  
  353KB
- MD5
  
  44669e0ff064dfc9e724391003dcde87
- SHA1
  
  2a85323d7a18f375490b4316743792356917336c
- SHA256
  
  be974e1ac0c80224c35d49976e80b21dcbda291e6fc282b5aa26af01488e7fd7
- SHA512
  
  e67ae6c07e207928c45bac1bc05f42bf151ac19e0c3e3b73a0a9473549124a1dc8fd81f6ffc42001adc1579fc0250a24484374c721b0c47882938df21b992b7f
- SSDEEP
  
  6144:WFKu/DzWD+JOAQBHMa2Bgrc0P9eydIC5sCwllcQL727K7wbkQFV:WIckjAQGTCNP9vICCC2L729xV
Score

10^/10

trickbot mon55 banker packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbotmon55bankerpackertrojan

behavioral2

trickbotmon55bankerpackertrojan