General

  • Target

    18d13aff5226fb85c4e662c57e6f19c105f588a12141f000c52c23843e78a93a.exe

  • Size

    706KB

  • Sample

    241123-tysw3stqdk

  • MD5

    179fceb5e9a42ed5d24349789f0c8721

  • SHA1

    8fb758a634d0c7b0a7378e49b4faae3f2ba53fc3

  • SHA256

    18d13aff5226fb85c4e662c57e6f19c105f588a12141f000c52c23843e78a93a

  • SHA512

    662bd34914f7c31f1f66750c0a6602648530108e6f4b3909409f2854562e6cc63faf55c1b51ba1f921775a7fae22ff81afdc517cb9d7ba20b2c3cd5f94394fa4

  • SSDEEP

    12288:7NP2qgMhn9VbKac3cM15xIKR5pduDkgcKOuCEUz+ovYJXA8ZRA5cXO/+uBY2F0cc:RPp2abM15xIxD4KXJg/vYRbKDBhF1TSj

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

rob136

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

    • Target

      18d13aff5226fb85c4e662c57e6f19c105f588a12141f000c52c23843e78a93a.exe

    • Size

      706KB

    • MD5

      179fceb5e9a42ed5d24349789f0c8721

    • SHA1

      8fb758a634d0c7b0a7378e49b4faae3f2ba53fc3

    • SHA256

      18d13aff5226fb85c4e662c57e6f19c105f588a12141f000c52c23843e78a93a

    • SHA512

      662bd34914f7c31f1f66750c0a6602648530108e6f4b3909409f2854562e6cc63faf55c1b51ba1f921775a7fae22ff81afdc517cb9d7ba20b2c3cd5f94394fa4

    • SSDEEP

      12288:7NP2qgMhn9VbKac3cM15xIKR5pduDkgcKOuCEUz+ovYJXA8ZRA5cXO/+uBY2F0cc:RPp2abM15xIxD4KXJg/vYRbKDBhF1TSj

MITRE ATT&CK Enterprise v15

Tasks