trickbot

General

Target

c19c31d5013f422b8f8103b291137c33cb4f01ed69aa7bc35993e246c43d410b.exe
Size

868KB
Sample

241122-p42nys1kf1
MD5

b9b64a8981e1992b33778c80b1dc85ea
SHA1

5f9792fdc8266e7eaa9c861189abaa2b82ce3039
SHA256

c19c31d5013f422b8f8103b291137c33cb4f01ed69aa7bc35993e246c43d410b
SHA512

64a391b75a0fbc86f57375a5978e13b91aa1a6200a284721465b695379ed973a8091d3b63f6d2caa6f4a2e35f51cb8c96df4d5daaec559c7f4bcc6f8b40a004c
SSDEEP

12288:DEMkCMMFkUED6ANs4ZD9V63Az2hPmy+khUzJUf/H:m+ED6+xZzkmiiWH

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000035

Botnet

tot166

C2

36.91.117.231:443

36.89.228.201:443

103.75.32.173:443

45.115.172.105:443

36.95.23.89:443

103.123.86.104:443

202.65.119.162:443

202.9.121.143:443

139.255.65.170:443

110.172.137.20:443

103.146.232.154:443

36.91.88.164:443

103.47.170.131:443

122.117.90.133:443

103.9.188.78:443

210.2.149.202:443

118.91.190.42:443

117.222.61.115:443

117.222.57.92:443

136.228.128.21:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

1
RUNTMzAAAAAL/ZqmMPBLaRfg1hPOtFJrZz2Zi2/EC4B3fiX8VnaOUVKndBr+jEqWc7mw4v3ADTiwp64K5QKe1LZ27jUZxL4bWjxARPo85hv72nuedeZhRQ+adQQ/gIsV869MycRzghc=

Targets

- Target
  
  c19c31d5013f422b8f8103b291137c33cb4f01ed69aa7bc35993e246c43d410b.exe
- Size
  
  868KB
- MD5
  
  b9b64a8981e1992b33778c80b1dc85ea
- SHA1
  
  5f9792fdc8266e7eaa9c861189abaa2b82ce3039
- SHA256
  
  c19c31d5013f422b8f8103b291137c33cb4f01ed69aa7bc35993e246c43d410b
- SHA512
  
  64a391b75a0fbc86f57375a5978e13b91aa1a6200a284721465b695379ed973a8091d3b63f6d2caa6f4a2e35f51cb8c96df4d5daaec559c7f4bcc6f8b40a004c
- SSDEEP
  
  12288:DEMkCMMFkUED6ANs4ZD9V63Az2hPmy+khUzJUf/H:m+ED6+xZzkmiiWH
Score

10^/10

trickbot tot166 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.