General

  • Target

    ead5c0f5a9c9500bcd68f77b62106d60a79efa4684796ef909bad63882854c0b.exe

  • Size

    432KB

  • Sample

    241122-w3xryawkaz

  • MD5

    59d4d82f5416fa62803080765ca60656

  • SHA1

    97e1ffb33fb01435e365f8e9efd44e338145e36f

  • SHA256

    ead5c0f5a9c9500bcd68f77b62106d60a79efa4684796ef909bad63882854c0b

  • SHA512

    4d3e1ba4ebf564418ace1b9bd60185d088db2d0d4599b3ca0bd5be6dc03ba8f54d0972b1de7c2b71ecd032163bbe81f668fa4e298bfe5a60c1389fdd9d878ebd

  • SSDEEP

    6144:/wvR6AqCgTAX3m05C0LG7HlBRQ3kLcSm43/LOQU4GIXxdpCCWkNU1a:/wvRp+Twz5CEGjHRQ3In4B4

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

soc1

C2

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

MITRE ATT&CK Enterprise v15

Tasks