General

  • Target

    68a34973ae0a7bebdd8415ae1a79296d05c69f6aeed8fc90b21fe3a1fde5687b

  • Size

    110KB

  • Sample

    241221-v6kfcavka1

  • MD5

    595b19e7618a77ecd00034182c74b0e4

  • SHA1

    c5afa94c84a733dbd86edd2061614946aa9cfb19

  • SHA256

    68a34973ae0a7bebdd8415ae1a79296d05c69f6aeed8fc90b21fe3a1fde5687b

  • SHA512

    029a5bef5c5158b33a3eb025782abb3cddeb53223cb80f1fe38fda5e14c0831bf0524fb6ce66aab6cd1f756c10c0c0f20642245a07b073c788bdb7cca33061d2

  • SSDEEP

    3072:wUJC1DZYjcOBmn9nK3lhK7kgB9DTfd+5SEsVoSfR:zIDZ6cOBkE3bKzB9DTV+mV

Malware Config

Extracted

Family

trickbot

Version

1000488

Botnet

sat68

C2

185.62.189.132:443

5.2.72.84:443

193.37.213.110:443

85.143.220.41:443

5.34.177.50:443

172.82.152.130:443

146.185.253.132:443

107.172.29.108:443

107.172.208.51:443

212.124.117.25:443

64.44.133.151:443

146.185.219.94:443

185.66.13.65:443

194.99.22.48:443

194.5.250.35:443

167.86.123.83:443

107.181.187.221:443

103.219.213.102:449

117.255.221.135:449

189.28.185.50:449

Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64
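The report above lists the extracted C2 endpoints but not how to use them. The following Python is an added example, not part of the sandbox report or of the TrickBot sample: it loads the twenty endpoints exactly as extracted above, groups them by port (the three entries on 449 sit outside the usual TLS port and are worth a separate alert), and scans connection-log lines for matches. The log format and its five lines are constructed for the demo and would need to be adapted to real flow or proxy logs. IP-only matching (match_port=False) is included as a fallback and also shows its cost: it flags the port-80 connection to a C2 host as well.

```python
"""Match the extracted TrickBot C2 endpoints against connection logs.

Added example, not from the sandbox report. The endpoint list is copied
from the report's Malware Config section; the log lines are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# C2 endpoints exactly as extracted from the sample's configuration.
C2_ENDPOINTS = [
    "185.62.189.132:443", "5.2.72.84:443", "193.37.213.110:443",
    "85.143.220.41:443", "5.34.177.50:443", "172.82.152.130:443",
    "146.185.253.132:443", "107.172.29.108:443", "107.172.208.51:443",
    "212.124.117.25:443", "64.44.133.151:443", "146.185.219.94:443",
    "185.66.13.65:443", "194.99.22.48:443", "194.5.250.35:443",
    "167.86.123.83:443", "107.181.187.221:443", "103.219.213.102:449",
    "117.255.221.135:449", "189.28.185.50:449",
]

# Constructed sample log lines in a simple firewall/flow format:
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_LOG = """\
2024-12-21T10:01:02Z 10.0.0.15:51322 -> 185.62.189.132:443 tcp
2024-12-21T10:01:05Z 10.0.0.15:51323 -> 142.250.74.36:443 tcp
2024-12-21T10:01:09Z 10.0.0.22:49811 -> 103.219.213.102:449 tcp
2024-12-21T10:01:12Z 10.0.0.15:51330 -> 185.62.189.132:80 tcp
2024-12-21T10:02:00Z 10.0.0.31:60001 -> 5.34.177.50:443 tcp
"""

LOG_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def parse_endpoints(endpoints):
    """Turn 'ip:port' strings into a set of (ip, port), validating the IP."""
    parsed = set()
    for entry in endpoints:
        host, _, port = entry.rpartition(":")
        parsed.add((str(ipaddress.ip_address(host)), int(port)))
    return parsed


def endpoints_by_port(endpoints=C2_ENDPOINTS):
    """Group the C2 IPs by destination port (here: 443 and 449)."""
    groups = defaultdict(list)
    for ip, port in sorted(parse_endpoints(endpoints)):
        groups[port].append(ip)
    return dict(groups)


def find_c2_hits(log_text, endpoints=C2_ENDPOINTS, match_port=True):
    """Return one dict per log line whose destination matches a C2 endpoint.

    match_port=True requires ip AND port to match; match_port=False matches
    on IP alone, which catches port changes but also unrelated traffic.
    """
    iocs = parse_endpoints(endpoints)
    ioc_ips = {ip for ip, _ in iocs}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        ts, src, _sport, dst, dport, _proto = m.groups()
        dport = int(dport)
        matched = (dst, dport) in iocs if match_port else dst in ioc_ips
        if matched:
            hits.append({"timestamp": ts, "src": src,
                         "dst": dst, "dst_port": dport})
    return hits


if __name__ == "__main__":
    for port, ips in endpoints_by_port().items():
        print(f"port {port}: {len(ips)} C2 hosts")
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Running the block against the constructed log yields three exact matches (two on 443, one on 449); switching to IP-only matching adds the port-80 line, which is the trade-off to weigh before alerting on bare IPs.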

Targets

    • Target

      68a34973ae0a7bebdd8415ae1a79296d05c69f6aeed8fc90b21fe3a1fde5687b

    • Trickbot

      TrickBot is a modular banking Trojan first observed in 2016.

    • Trickbot family

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks