General

  • Target

    66788b6ed9f832e002d0769fed025a31.zip

  • Size

    454KB

  • Sample

    240901-kbgqvswcjj

  • MD5

    4f5644f95f0df8c6dc6b1c4cde781f6e

  • SHA1

    c4806e9be53f2183571b61d108f6a0ccf28e639f

  • SHA256

    311da15a5e86baa6bb5f0c85074e4a2a665a890bb4e1a4d9115413f5e25b3a9b

  • SHA512

    5199a4b3530cae5144df1b80299bd52d86ee1b718093c47603d1dd06f80f72058f48ecfd102335c3b2ce3a5f9cd186f553ebef62d85607a38f070d1bcd8f6db5

  • SSDEEP

    6144:FqS8rh8CTZOAqiTjigjQqMhmhTTfUPtUzXhcI77BVI+GjgvTI3XExGDLN3EuqDL8:FqSQh1QjXm1KtOBXGCVyL5vqDL8ea

Malware Config

Extracted

Family

trickbot

Version

2000035

Botnet

lib166

C2

36.91.117.231:443

36.89.228.201:443

103.75.32.173:443

45.115.172.105:443

36.95.23.89:443

103.123.86.104:443

202.65.119.162:443

202.9.121.143:443

139.255.65.170:443

110.172.137.20:443

103.146.232.154:443

36.91.88.164:443

103.47.170.131:443

122.117.90.133:443

103.9.188.78:443

210.2.149.202:443

118.91.190.42:443

117.222.61.115:443

117.222.57.92:443

136.228.128.21:443

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      987135bd4d26b44b5d6eb78e6e1b7d78f37134a55d16a89ba1ad196c1b3e0ea0

    • Size

      868KB

    • MD5

      66788b6ed9f832e002d0769fed025a31

    • SHA1

      85f68eb378d2759b0cb638c3edb26b16f2c120c0

    • SHA256

      987135bd4d26b44b5d6eb78e6e1b7d78f37134a55d16a89ba1ad196c1b3e0ea0

    • SHA512

      b936794aa10772aa2fe85d6dfeb1233bd838b7103c23853aced3fac04cac4ee3c490d15ad566a567882bbee91f8b864d1a1f2cf278b17564579d8cd40f0d8fb1

    • SSDEEP

      12288:0cfkUmruxF02xWt5bSoV/XHx8B8a4TrTEChqNi9rkJ/OA:KI02x+LXHqB8aErPqCC7

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

MITRE ATT&CK Enterprise v15

Tasks