trickbot | 1e749ea17f499e72237981072900998abc755bdcd0286b968d731e241c1a744a | Triage

Resubmissions

12-08-2024 19:18

240812-xz16mazenf 10

12-08-2024 18:52

240812-xjbwssvaqr 10

Sharing

General

Target

8fe3bd4d5898f1fd59347f9db14373f8_JaffaCakes118
Size

4.4MB
Sample

240812-xz16mazenf
MD5

8fe3bd4d5898f1fd59347f9db14373f8
SHA1

67c0ca68702204af99ffeb0a2b6059fa2d11c61e
SHA256

1e749ea17f499e72237981072900998abc755bdcd0286b968d731e241c1a744a
SHA512

54e7ab67c3148ff17fdc57721d29c77d7bbae24d1298b1b3e4ca62941459ab4f0ddcec37e59693a98f1dabc768e4828dfcecaa13beea4edb65cc321f0ca63a9f
SSDEEP

49152:IGJBADdfU07gXPUwfdgwS5uHCbqRa/ft4udat:+dWE+a/l4oat

Score

10^/10

trickbot rob57 banker discovery packer trojan

Malware Config

Extracted

Family

trickbot

Version

100011

Botnet

rob57

C2

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  8fe3bd4d5898f1fd59347f9db14373f8_JaffaCakes118
- Size
  
  4.4MB
- MD5
  
  8fe3bd4d5898f1fd59347f9db14373f8
- SHA1
  
  67c0ca68702204af99ffeb0a2b6059fa2d11c61e
- SHA256
  
  1e749ea17f499e72237981072900998abc755bdcd0286b968d731e241c1a744a
- SHA512
  
  54e7ab67c3148ff17fdc57721d29c77d7bbae24d1298b1b3e4ca62941459ab4f0ddcec37e59693a98f1dabc768e4828dfcecaa13beea4edb65cc321f0ca63a9f
- SSDEEP
  
  49152:IGJBADdfU07gXPUwfdgwS5uHCbqRa/ft4udat:+dWE+a/l4oat
Score

10^/10

trickbot rob57 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trickbotrob57bankerdiscoverypackertrojan

behavioral2

trickbotrob57bankerdiscoverypackertrojan