trickbot

General

Target

74775e59d00746f145553f4159244c65_JaffaCakes118
Size

344KB
Sample

240726-ry1wkstemq
MD5

74775e59d00746f145553f4159244c65
SHA1

023666efe4c7ac08a8192a67516ae26edc4b2e38
SHA256

3a0bf36841aa0f458ef6310384e98f2c689f2a821be8bbe64ffaab1fbbb3187a
SHA512

2888de76026161afcf0453d403dfced502d8683a13fbf97337c065a02e539f9943b72c3e528bed112e88f4e6ef3c6ff2a2dc9a91ce5dd30c470e070578dff61f
SSDEEP

6144:UEs72CZp1HKqFV+ScJRtHELfWuwDxMuPxE/W3HjD3X1:iRphKqnOJRtHELJwVMuSo/1

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100011

Botnet

mon55

C2

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  74775e59d00746f145553f4159244c65_JaffaCakes118
- Size
  
  344KB
- MD5
  
  74775e59d00746f145553f4159244c65
- SHA1
  
  023666efe4c7ac08a8192a67516ae26edc4b2e38
- SHA256
  
  3a0bf36841aa0f458ef6310384e98f2c689f2a821be8bbe64ffaab1fbbb3187a
- SHA512
  
  2888de76026161afcf0453d403dfced502d8683a13fbf97337c065a02e539f9943b72c3e528bed112e88f4e6ef3c6ff2a2dc9a91ce5dd30c470e070578dff61f
- SSDEEP
  
  6144:UEs72CZp1HKqFV+ScJRtHELfWuwDxMuPxE/W3HjD3X1:iRphKqnOJRtHELJwVMuSo/1
Score

10^/10

trickbot mon55 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Templ.dll packer

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2