trickbot

General

Target

6ebd3ead7ff70ff9badedb980b66728a_JaffaCakes118
Size

3.4MB
Sample

240725-jt51qszdqf
MD5

6ebd3ead7ff70ff9badedb980b66728a
SHA1

151afd9f5352fd31fdee9af8b1cfa00afd36dd49
SHA256

02de6c38c553ade4460d627cdcd4db065ee9a59bc0a19d0b6f0b04ecdf38be80
SHA512

df4b54808fd4deb144ea1c6eb058d531013d2b2aebbe69b9c72246192874b02924a9d9fd84f4f2d27207021c5075d8949ab3e69926224fac2dc96f271536db85
SSDEEP

49152:/e1ZAtJAL8bFZlq6MNa0fpfZJRU+U18Kh0sLRUZQlJ9xLOs3lHqZbo5nzfn8Lknb:/Cz8bztMNTU+sj0WRUYv3xqJk71eg

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100010

Botnet

rob42

C2

5.34.180.180:443

64.74.160.228:443

198.46.198.116:443

5.34.180.185:443

107.152.46.188:443

195.123.241.214:443

23.254.224.2:443

107.172.188.113:443

200.52.147.93:443

185.198.59.45:443

45.14.226.101:443

185.82.126.38:443

85.204.116.139:443

45.155.173.248:443

103.91.244.50:443

45.230.244.20:443

45.226.124.226:443

187.84.95.6:443

186.250.157.116:443

186.137.85.76:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  6ebd3ead7ff70ff9badedb980b66728a_JaffaCakes118
- Size
  
  3.4MB
- MD5
  
  6ebd3ead7ff70ff9badedb980b66728a
- SHA1
  
  151afd9f5352fd31fdee9af8b1cfa00afd36dd49
- SHA256
  
  02de6c38c553ade4460d627cdcd4db065ee9a59bc0a19d0b6f0b04ecdf38be80
- SHA512
  
  df4b54808fd4deb144ea1c6eb058d531013d2b2aebbe69b9c72246192874b02924a9d9fd84f4f2d27207021c5075d8949ab3e69926224fac2dc96f271536db85
- SSDEEP
  
  49152:/e1ZAtJAL8bFZlq6MNa0fpfZJRU+U18Kh0sLRUZQlJ9xLOs3lHqZbo5nzfn8Lknb:/Cz8bztMNTU+sj0WRUYv3xqJk71eg
Score

10^/10

trickbot rob42 banker discovery packer trojan vmprotect
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Templ.dll packer

VMProtect packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2