trickbot

General

Target

f1439bde9f573fd54f1b51979da331b0.zip
Size

454KB
Sample

240903-va3baa1emr
MD5

db8ecf3cdb043f134b3f02c7c32ada15
SHA1

e79c2ab755da8d4ea287687078f2a902f552a59f
SHA256

79cc0ac2d6150f31479ac6296fdf395497e90d6df6717937e0df32600420ace1
SHA512

3b1cf435137376938e381260f3891891f03583d9143151ac75ab62c5329de49ec94821e244bb373b29eb0be955818abce5dae6ae7199540fbb52db67fdeb52ed
SSDEEP

6144:Bn0r8yDcnZgk7oucYZV66lh5zF/7FkexhgbAkqRUkjTOi/rROikVmZXIqDqe0Uih:Bn0rdONVZoMLXrRnF1cVK4qDqe+Z

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000035

Botnet

lib166

C2

36.91.117.231:443

36.89.228.201:443

103.75.32.173:443

45.115.172.105:443

36.95.23.89:443

103.123.86.104:443

202.65.119.162:443

202.9.121.143:443

139.255.65.170:443

110.172.137.20:443

103.146.232.154:443

36.91.88.164:443

103.47.170.131:443

122.117.90.133:443

103.9.188.78:443

210.2.149.202:443

118.91.190.42:443

117.222.61.115:443

117.222.57.92:443

136.228.128.21:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  5560a6f3cc626b539a23baef4d280239d80b9e93f1e2ff3ff26e3f637f6f56f4
- Size
  
  868KB
- MD5
  
  f1439bde9f573fd54f1b51979da331b0
- SHA1
  
  2dc79a6e36eeb404caa01b32b635701517f0bba9
- SHA256
  
  5560a6f3cc626b539a23baef4d280239d80b9e93f1e2ff3ff26e3f637f6f56f4
- SHA512
  
  d5875facaec3b842c43d808d6807a2efb50091e2fbd390b84753cf869836bea1dbcffc6c9cc55229090f761e9aab18af26aeb6df56bee022c6b5a4ba15c959ae
- SSDEEP
  
  12288:0cfkUmruxF02xWt5bSoV/XHx8B8a4TrTEChqNi9rkP/p:KI02x+LXHqB8aErPqC8p
Score

10^/10

trickbot lib166 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2