General

  • Target

    d9a52dcd6de626eb950e606826c89e5f8bdb5dad717c3fd8f610e09f55fec0a7.exe

  • Size

    508KB

  • Sample

    241124-exa8bazmcq

  • MD5

    8986d2586f15b71b9a77f6846ffcbc8c

  • SHA1

    5c78597eccd04f70c02ad9345a686ebd80d972d9

  • SHA256

    d9a52dcd6de626eb950e606826c89e5f8bdb5dad717c3fd8f610e09f55fec0a7

  • SHA512

    2bf46fcc3404e2a773bbd1b40ee093a52ada7fb67757439e1f05c0218320c481d646e63a40f4a4112338664697dce5ed348e58d98ddc25dec8358a33b4258a24

  • SSDEEP

    12288:rMGeVRE83xVOESLawOVP6hO9724GpBb33:rMGeVe83xVOKchO97SpR33

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

soc1

C2

Attributes
  • autorun
    Name:pwgrabb
    Name:pwgrabc
ecc_pubkey.base64

Targets

MITRE ATT&CK Enterprise v15

Tasks