trickbot | a42bffa7b16e85fb92f190eea1b942f11f9a2406db21c65cf92c1c6869e248ec | Triage

Sharing

General

Target

2b1818fba14402d5592ac9b827e0daec.zip
Size

197KB
Sample

240903-qkdnfsxerj
MD5

4ed628aa26fa79959ac47e1aaab2fe23
SHA1

f54659f75f9f282a3d2498bf37194956e2fba0f8
SHA256

a42bffa7b16e85fb92f190eea1b942f11f9a2406db21c65cf92c1c6869e248ec
SHA512

e82dae5490a349f55b6bb0e810255144ce8213c5cc08fa7acaf3872096ed36343471a69cf6bed98f9b18f6d64f5ebffe518b0804dd213ef7c4e1f17f59bfdf0a
SSDEEP

6144:qzGTvzto1TtnLdSEu28LUHNHzkWwaJthI6v3jdwIa:C8vzwthSEuCFzkW5thOIa

Score

10^/10

trickbot tt0002 banker discovery evasion trojan

Malware Config

Extracted

Family

trickbot

Version

1000139

Botnet

tt0002

C2

212.14.51.43:449

212.14.51.56:449

78.155.199.232:443

95.213.195.46:443

82.202.204.9:443

82.202.236.101:443

195.133.146.92:443

194.87.94.8:443

92.53.91.252:443

185.228.233.174:443

81.177.141.197:443

81.177.141.7:443

185.236.130.10:443

94.250.250.216:443

109.234.38.22:443

82.202.204.172:443

81.177.135.225:443

94.250.252.228:443

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll

ecc_pubkey.base64

Targets

- Target
  
  295874510bc06125746ae8ffcea35727212e9091d4eb5e2bb99bc69567879353
- Size
  
  355KB
- MD5
  
  2b1818fba14402d5592ac9b827e0daec
- SHA1
  
  b1fa488e0b4bc4dc7822c12fc652e5af6d6b82c3
- SHA256
  
  295874510bc06125746ae8ffcea35727212e9091d4eb5e2bb99bc69567879353
- SHA512
  
  28296a95b6655dc76fb6d1e062b23e9927fe7fa0291139f97b2e46ec20787a5980f0ea8a63e128929df1c9c251e3080086ed9703f3c395dae42283c60019e9e2
- SSDEEP
  
  6144:O/GIHY9EPzb0dT83QOATmTygzda6tt4jQIPUZnq3BN5f68Gv5IO2:O/GmPzwOATSy8da6r4j5Cef6Z
Score

10^/10

trickbot tt0002 banker discovery evasion trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trickbottt0002bankerdiscoveryevasiontrojan

behavioral2

trickbottt0002bankerdiscoverytrojan