General

  • Target

    5a191c7c878f1796437bfbf59b06223efbf61d2e770d02b9ffefa4d0c1701d4a.exe

  • Size

    616KB

  • Sample

    241121-ks1kas1elr

  • MD5

    b27814781fe35d8e863838dbd8477311

  • SHA1

    b717c53597dae93cacf23da98da158bf00ac5f58

  • SHA256

    5a191c7c878f1796437bfbf59b06223efbf61d2e770d02b9ffefa4d0c1701d4a

  • SHA512

    2074984a31aeca986ce4cde7689e0db1057f413551789d752eaa63ac0d50272260b89721df58482513672a105c5e17ef317725714d7de9911489ca9620ad85a7

  • SSDEEP

    12288:7eoWdAMLC3CPidoZrhgzpvIikJZYhtNtOf:2dAM+UieZGzRIxZYyf

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

lip138

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      5a191c7c878f1796437bfbf59b06223efbf61d2e770d02b9ffefa4d0c1701d4a.exe

    • Size

      616KB

    • MD5

      b27814781fe35d8e863838dbd8477311

    • SHA1

      b717c53597dae93cacf23da98da158bf00ac5f58

    • SHA256

      5a191c7c878f1796437bfbf59b06223efbf61d2e770d02b9ffefa4d0c1701d4a

    • SHA512

      2074984a31aeca986ce4cde7689e0db1057f413551789d752eaa63ac0d50272260b89721df58482513672a105c5e17ef317725714d7de9911489ca9620ad85a7

    • SSDEEP

      12288:7eoWdAMLC3CPidoZrhgzpvIikJZYhtNtOf:2dAM+UieZGzRIxZYyf

MITRE ATT&CK Enterprise v15

Tasks