trickbot

General

Target

6d4bed776e6c338d674b7b5294d80797_JaffaCakes118
Size

2.2MB
Sample

240724-3s2rgaxfmd
MD5

6d4bed776e6c338d674b7b5294d80797
SHA1

2bc561a30777457d6e398f3a3ee835ca83f1fc93
SHA256

2fab70fda22b40613db93aec95a8044aa84e84fb2964154f8e0ec770f0cab043
SHA512

38c098e8278011f124914950f061fe221e7e46c8512bc8aad884a5ac36f001e0f054c052fa8dfb1f59a4e76896715979440194c1563b002cd6752eedb76fa674
SSDEEP

49152:YfaG/sv/YzBQsvIE81euCB9RYNOvNNW5SdTykxUWp:OUXKF7BFzTykxV

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000024

Botnet

tot32

C2

85.93.159.98:449

92.242.214.203:449

202.21.103.194:449

169.239.45.42:449

45.234.248.66:449

103.91.244.102:449

118.67.216.238:449

117.212.193.62:449

201.184.190.59:449

103.29.185.138:449

79.122.166.236:449

37.143.150.186:449

179.191.108.58:449

85.159.214.61:443

149.56.80.31:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  6d4bed776e6c338d674b7b5294d80797_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  6d4bed776e6c338d674b7b5294d80797
- SHA1
  
  2bc561a30777457d6e398f3a3ee835ca83f1fc93
- SHA256
  
  2fab70fda22b40613db93aec95a8044aa84e84fb2964154f8e0ec770f0cab043
- SHA512
  
  38c098e8278011f124914950f061fe221e7e46c8512bc8aad884a5ac36f001e0f054c052fa8dfb1f59a4e76896715979440194c1563b002cd6752eedb76fa674
- SSDEEP
  
  49152:YfaG/sv/YzBQsvIE81euCB9RYNOvNNW5SdTykxUWp:OUXKF7BFzTykxV
Score

10^/10

trickbot tot32 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2