trickbot

General

Target

JaffaCakes118_37d659b7d57a3deabe3bac595d9633c57d3b98a422f00d8039b98e1828d2036c
Size

271KB
Sample

241222-c49ncazqfl
MD5

7b3e8fddb5f5b8836062c27b59d1e700
SHA1

db2fa72cc97d3cb885493d999110d279b29df72d
SHA256

37d659b7d57a3deabe3bac595d9633c57d3b98a422f00d8039b98e1828d2036c
SHA512

072c3f7db42d00a95e6454c610ea05a3e145d360631f2abd6da0aae7346fb1b5a50ea189435227b03dd06914c2a5ce3576e1176a1dc07f22184f4e2b12da1f87
SSDEEP

6144:ERTwnKrLNsg1yRieapkD2ST8hxvbKAVflCLssMGz9tuPwsrFDi8chvO0+0Yo3u:ypNsIea+/keiMLXhjYF+8KV+0/+

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000029

Botnet

tot93

C2

103.66.72.217:443

117.252.68.211:443

103.124.173.35:443

115.73.211.230:443

117.54.250.246:443

131.0.112.122:443

102.176.221.78:443

181.176.161.143:443

154.79.251.172:443

103.111.199.76:443

103.54.41.193:443

154.79.244.182:443

154.79.245.158:443

139.255.116.42:443

178.254.161.250:443

178.134.47.166:443

158.181.179.229:443

103.90.197.33:443

109.207.165.40:443

178.72.192.20:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  69947cfea7518aab0920c81530b9e643d0fd0a14b0686a5d13dc1500366f071d.exe
- Size
  
  333KB
- MD5
  
  c9964c315a0d85ba4894d541816cf676
- SHA1
  
  6e26e2ce4ae0b98ba615cb894cc9c25767080775
- SHA256
  
  69947cfea7518aab0920c81530b9e643d0fd0a14b0686a5d13dc1500366f071d
- SHA512
  
  8bd8ebed9bcbcbbf297d269adba9142146b64cce88961f4a37545676851514b6306dac7cb044c5634ea41f6cbb59502985fc6f3e5bd38dd56f799edc9e7273f2
- SSDEEP
  
  6144:pFF9MSFuZD4p+e+C6lby/Pn2E5wx4JoV6Hj2fX50QGPlNmE3Ip:rF9MSUZ8p+Qoby/Pkx4WAI12lNmEQ
Score

10^/10

trickbot tot93 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2