trickbot

General

Target

JaffaCakes118_ab07d46bde14e0b0658654e70abdd84cd9a3d602d6fe54b78a2bbdef7dd735a4
Size

351KB
Sample

241223-1fe1tsskhk
MD5

8214256195e0b42c6365ebb58e248d85
SHA1

49934d0481e1ce060e517f1cf55ac5af9cc78ab3
SHA256

ab07d46bde14e0b0658654e70abdd84cd9a3d602d6fe54b78a2bbdef7dd735a4
SHA512

4bd83b04a8214c23caf694a584ee7d90bbc727c9857c5db20f7d274200e334e5f292956923fa886e565ad9f738543a3856da64a37a206eb78a65c56f4c56e512
SSDEEP

6144:yXclDYgdO9Oe/jf8blg1ps9jod2mZHULZV5kULqFsO7rZtbdvtLoml5sZ1Yz8ZhC:yXcezFQb+1psFoEh7kXnrjbdVEmA1YQm

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000026

Botnet

rob20

C2

154.79.252.132:449

179.191.108.58:449

200.6.169.124:443

103.76.20.226:443

80.78.77.116:449

80.78.75.246:443

45.234.248.66:449

187.190.116.59:443

185.234.72.84:443

36.94.202.131:443

103.91.244.102:449

168.232.188.88:449

103.73.101.98:449

173.81.4.147:449

202.142.151.190:449

118.67.216.238:449

108.170.20.72:443

85.159.214.61:443

36.92.93.5:449

79.122.166.236:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  5e3ac60f9af6bd3b89111fc54fb64293
- Size
  
  557KB
- MD5
  
  5e3ac60f9af6bd3b89111fc54fb64293
- SHA1
  
  bf37c983936ec5690bda0e62ff3819904d11041e
- SHA256
  
  b3e4dfcdaf5a15bc2ccabfb4ee3e65c1c14a5d66f8becf23a4ed6a79089a81f9
- SHA512
  
  955409a07dba32fb28977f0b237fd07bcf50aaf97796690075a084ce8a0075d262ba8a631f0e215f43fc253abfe873dc41006ecee2da993d238f409e5547efcd
- SSDEEP
  
  12288:+KqoNFWaCEMTnoy/Zs8IyVIzsRBrcMTvrRRYHy6qunhKEKD92UCd:+KqoNFWaCEMTRZs8pECTzRRYymyD1C
Score

10^/10

trickbot rob20 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

Templ.dll packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2