General

  • Target

    bc75196bc774ff6b457a3da3b7571687.zip

  • Size

    454KB

  • Sample

    240901-bv85saxdlg

  • MD5

    58d857fe0b6516575d0c91a3538f6847

  • SHA1

    e7b4e2cb277fca5788cfcb0632b06eaaa824cdac

  • SHA256

    4db233ad0697403b9944e6fefcb306757fd47a97865b3a6db138b66863e691b9

  • SHA512

    7cf3780b8c495fe93c27cedadbb2f863c406d665a17338e93eb7992fedd3b646b26ec4311f6142827066af7169d1f70935017e252a48eb66b9e87b5b28d2682a

  • SSDEEP

    12288:vXn1sLYizRmeo8Qmylqd/mLqqCXVWHrOIag:f1sFDyKm0l+r7

Malware Config

Extracted

Family

trickbot

Version

2000035

Botnet

lib166

C2

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      15243d660c780f206ac86d14fe7058f8a0f1992c00037a6331094319d5242c86

    • Size

      868KB

    • MD5

      bc75196bc774ff6b457a3da3b7571687

    • SHA1

      2191be729d328424dec1dd404f865ab9d28c4ad1

    • SHA256

      15243d660c780f206ac86d14fe7058f8a0f1992c00037a6331094319d5242c86

    • SHA512

      bfce8241614ec610898559b15e694783a2f5873294b26b7457a7e4c3571355252eb1403adb90d3dd2ee7be31fc39c5cf5b68ec6525e39e00188c73f370010638

    • SSDEEP

      12288:0cfkUmruxF02xWt5bSoV/XHx8B8a4TrTEChqNi9rkY/o:KI02x+LXHqB8aErPqCNo

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

MITRE ATT&CK Enterprise v15

Tasks