General

  • Target: 0ba0caf0ab492b519127a797a535ce9f.zip
  • Size: 358KB
  • Sample: 240831-km8zgsveqk
  • MD5: 47f6b233c2c79d18f0d96c8653a230f0
  • SHA1: e916c83820243200bdaef4d419a5d9bf94b950f4
  • SHA256: 37e7681cd2f34d90c17bbb7ab5800620e7ff99eba507db117a801a6e151f0bca
  • SHA512: 4048d27a97e97153ed1369836bad38d596669a607d294c3a139a383c323b798bce214f07807a7d98561d93d201dfdc4438ca271cfe1876d126c14e23b1ebfd83
  • SSDEEP: 6144:1hDnUgCe4Ps0lR6jceaigq5jm1xfqcswG0DVnW7+Kt6L6Wo7Ire7EbBjwNE2wCLT:/n7CLPFlR3i1tgtLG0DVE+5rFj0GvzkZ

Malware Config

Extracted

  • Family: trickbot
  • Version: 100019
  • Botnet: top138
  • C2

Attributes
  • autorun
    Name: pwgrabb
    Name: pwgrabc
  • ecc_pubkey.base64

Targets

  • Target: 37e081b75c073fbcfad7f5cd4238a12985a07a01f4b9d000ee7a74bda6456e0c
  • Size: 616KB
  • MD5: 0ba0caf0ab492b519127a797a535ce9f
  • SHA1: 492457c937e83ea7a862e4b4fda302e1c7bd8fe4
  • SHA256: 37e081b75c073fbcfad7f5cd4238a12985a07a01f4b9d000ee7a74bda6456e0c
  • SHA512: f357d7c1a9b892280169c8f22b5d9f6240d9ba23b8d838bcbdf53cd4cd86a8bdf8a121bc242ad877cee714b61c60af981b9d3eea5ae9c264e3cf4fb79803a34a
  • SSDEEP: 12288:Z4jne1opolK5fFIjv+LmDs8ux5Rf/IoutNtO05:4e1oWK5dBKD5KHIw0
  • Trickbot
    Developed in 2016, TrickBot is one of the more recent banking Trojans.

MITRE ATT&CK Enterprise v15