trickbot

General

Target

ac75d6634acbce0bc12d83e68658e7ef_JaffaCakes118
Size

330KB
Sample

240819-y8l9haybjk
MD5

ac75d6634acbce0bc12d83e68658e7ef
SHA1

40adffa15d0cb2daf04d3e51dcf0d29421387f9c
SHA256

9e7314a10219213e3be1bfaba87f2a30e6e9d0b6df6e6edd6683d4cb536ce5c4
SHA512

0568fcc248d3683af9c9af8ec036c3bdf879b88393a0595ff78518f33e8cca39220e6ea96ff35ebdaa121563dcc41c1513436812bfcff741bb2989014f20d201
SSDEEP

6144:F+ZE0J3qMwtXD+Y6L3umbgDS67CMSsa9clQgOjEmnuvqrg+lr0XjUj:F+ZLxz8DSWkJc6du2g+lrAjUj

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100011

Botnet

rob57

C2

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

1
RUNTMzAAAABbfmkJRvwyw7iFkX40hL2HwsUeOSZZZo0FRRWGkY6J1+gf3YKq13Ee4sY3Jb9/0myCr0MwzNK1K2l5yuY87nW29Q/yjMJG0ISDj0HNBC3G+ZGta6Oi9QkjCwnNGbw2hQ4=

Targets

- Target
  
  ac75d6634acbce0bc12d83e68658e7ef_JaffaCakes118
- Size
  
  330KB
- MD5
  
  ac75d6634acbce0bc12d83e68658e7ef
- SHA1
  
  40adffa15d0cb2daf04d3e51dcf0d29421387f9c
- SHA256
  
  9e7314a10219213e3be1bfaba87f2a30e6e9d0b6df6e6edd6683d4cb536ce5c4
- SHA512
  
  0568fcc248d3683af9c9af8ec036c3bdf879b88393a0595ff78518f33e8cca39220e6ea96ff35ebdaa121563dcc41c1513436812bfcff741bb2989014f20d201
- SSDEEP
  
  6144:F+ZE0J3qMwtXD+Y6L3umbgDS67CMSsa9clQgOjEmnuvqrg+lr0XjUj:F+ZLxz8DSWkJc6du2g+lrAjUj
Score

10^/10

trickbot rob57 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Templ.dll packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.