trickbot | f7224874dedb8410abca59e14580ca5f54abf6a9d4ccb39276d46437996d3ef6 | Triage

Sharing

General

Target

4a8ba2b1a762a417f837f3de2b70d9ae_JaffaCakes118
Size

400KB
Sample

240715-vbge7szeqp
MD5

4a8ba2b1a762a417f837f3de2b70d9ae
SHA1

f507586f4cd51ad183fbadad763ba4e9ccdfeee2
SHA256

f7224874dedb8410abca59e14580ca5f54abf6a9d4ccb39276d46437996d3ef6
SHA512

4da14ecc38294ac19fd5e0b21f5f6fb083d9212aadaaf6407ae982d2a25ac6625779d7d5c5cc7bf08730c583120b871734f813884ce38e0f67ed394cff0feb0f
SSDEEP

6144:ftRY/TyW0mL1QnLSNFXI21MfCDKbGsRtdumLIs/q+xmG3SOKCtqhhl0wN:vgT/0mL1f712CD6GyDuv+SOHqhhau

Score

10^/10

trickbot tot33 banker trojan

Malware Config

Extracted

Family

trickbot

Version

2000024

Botnet

tot33

C2

85.93.159.98:449

92.242.214.203:449

202.21.103.194:449

169.239.45.42:449

45.234.248.66:449

103.91.244.102:449

118.67.216.238:449

117.212.193.62:449

201.184.190.59:449

103.29.185.138:449

79.122.166.236:449

37.143.150.186:449

179.191.108.58:449

85.159.214.61:443

149.56.80.31:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  4a8ba2b1a762a417f837f3de2b70d9ae_JaffaCakes118
- Size
  
  400KB
- MD5
  
  4a8ba2b1a762a417f837f3de2b70d9ae
- SHA1
  
  f507586f4cd51ad183fbadad763ba4e9ccdfeee2
- SHA256
  
  f7224874dedb8410abca59e14580ca5f54abf6a9d4ccb39276d46437996d3ef6
- SHA512
  
  4da14ecc38294ac19fd5e0b21f5f6fb083d9212aadaaf6407ae982d2a25ac6625779d7d5c5cc7bf08730c583120b871734f813884ce38e0f67ed394cff0feb0f
- SSDEEP
  
  6144:ftRY/TyW0mL1QnLSNFXI21MfCDKbGsRtdumLIs/q+xmG3SOKCtqhhl0wN:vgT/0mL1f712CD6GyDuv+SOHqhhau
Score

10^/10

trickbot tot33 banker trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trickbottot33bankertrojan

behavioral2

trickbottot33bankertrojan