trickbot

General

Target

JaffaCakes118_a16c46df8bbf9583e3b36b732b1f8399fe46cc5d0b403fbe3c3558be97b8fee7
Size

516KB
Sample

241222-mn5dssvpbj
MD5

63905f6cbc8eb5883726780be6565d91
SHA1

284e4f212ce2e433660c88a570c2219d65735aaf
SHA256

a16c46df8bbf9583e3b36b732b1f8399fe46cc5d0b403fbe3c3558be97b8fee7
SHA512

b21f2aa3f24c926cd7daaa5ecde6e1bc91b5a0e9823ea2e982254d4d58fa66d7e0e7936f868aecbda2ff26917ae209f51df748dc6a7fb1a86166f6e6b7de21c3
SSDEEP

12288:cbVMh0tRyr3W3SQniM+uwkMx8nXoTT0WJZmo:WMh0tRyW3lY8X2xJZmo

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000033

Botnet

tot153

C2

179.42.137.102:443

191.36.152.198:443

179.42.137.104:443

179.42.137.106:443

179.42.137.108:443

202.183.12.124:443

194.190.18.122:443

103.56.207.230:443

171.103.187.218:449

171.103.189.118:449

18.139.111.104:443

179.42.137.105:443

186.4.193.75:443

171.101.229.2:449

179.42.137.107:443

103.56.43.209:449

179.42.137.110:443

45.181.207.156:443

197.44.54.162:449

179.42.137.109:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  JaffaCakes118_a16c46df8bbf9583e3b36b732b1f8399fe46cc5d0b403fbe3c3558be97b8fee7
- Size
  
  516KB
- MD5
  
  63905f6cbc8eb5883726780be6565d91
- SHA1
  
  284e4f212ce2e433660c88a570c2219d65735aaf
- SHA256
  
  a16c46df8bbf9583e3b36b732b1f8399fe46cc5d0b403fbe3c3558be97b8fee7
- SHA512
  
  b21f2aa3f24c926cd7daaa5ecde6e1bc91b5a0e9823ea2e982254d4d58fa66d7e0e7936f868aecbda2ff26917ae209f51df748dc6a7fb1a86166f6e6b7de21c3
- SSDEEP
  
  12288:cbVMh0tRyr3W3SQniM+uwkMx8nXoTT0WJZmo:WMh0tRyW3lY8X2xJZmo
Score

10^/10

trickbot tot153 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2