General

  • Target

    673982b23c4027317f04d4c1d1852cbe.zip

  • Size

    454KB

  • Sample

    240903-jv8g9a1fqj

  • MD5

    e47586127a393a9f7784c65e7c0a8f71

  • SHA1

    c995801279b49aa4ae5968aa5e5e8a06ad43b236

  • SHA256

    430dc7c621741088620ad9d70523b1badcfdba911d434b3db56ddd5e03966d9c

  • SHA512

    fa2aa4dde9a95724712abf9cbc4364421bd79817671ef3bc9592e56aae2365cff23b2d6682a871283ac696894be3e6a7192fbaafc42e7f1149a7a18498ab11e1

  • SSDEEP

    12288:1JntcJhQL1ntyXFbB1++hvGR+iYQ3hWfkB7cWsnCya:Pt4hQaxKkg84oWsha

Malware Config

Extracted

Family

trickbot

Version

2000035

Botnet

tot166

C2

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      589992f013ae9f7bb1ee802641939b6e8606094da271321465c334acd2b9e0d2

    • Size

      868KB

    • MD5

      673982b23c4027317f04d4c1d1852cbe

    • SHA1

      a3f93c2b3576024456ede26fefcf9b31d7459a0b

    • SHA256

      589992f013ae9f7bb1ee802641939b6e8606094da271321465c334acd2b9e0d2

    • SHA512

      407bcb5dfa7e4f9a92e368b616a8616633e3edd5cbeec4343e4e3039f069b4cef97d26125c2f8b76137842dcc1c250f1fab7f9c7e1b1879a8ca3942145b3aefd

    • SSDEEP

      12288:DEMkCMMFkUED6ANs4ZD9V63Az2hPmy+khUzJUL/p:m+ED6+xZzkmiiKp

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

MITRE ATT&CK Enterprise v15

Tasks