trickbot

General

Target

JaffaCakes118_dcaac583703acfffa76f7741f1e6f8b55d6d773941406151c4233786ff1f54df
Size

280KB
Sample

241223-zj49fs1jfw
MD5

b93de401a6d9e48ab766ba11a60cba44
SHA1

b71c4a74c4d30da27bfcf992f614f9215ca988e7
SHA256

dcaac583703acfffa76f7741f1e6f8b55d6d773941406151c4233786ff1f54df
SHA512

6f6216003b50bf9e56772583bc8b74bd878f611d4b35ae0e2278fce0f3a15e1a39d422e93de0cfb3fa895c697d35092a82a18d5d7273822696c1098a7c5951ed
SSDEEP

6144:WqxKdSfnGRTeMjIU+9Pe5z8t9fMvS+5wufEuZCZ/z:WrS/GtaPJgO0vSWwuwBz

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000011

Botnet

ono82

C2

131.153.22.145:443

62.108.35.29:443

45.89.127.118:443

185.99.2.123:443

62.108.35.36:443

45.89.127.119:443

51.77.112.255:443

194.5.249.216:443

185.99.2.160:443

80.85.156.116:443

86.104.194.102:443

37.220.6.115:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  e02ce2fd3f6b85b8375e889bfdbbe2684c8855260f24a46880169a629b373bc4.dll
- Size
  
  400KB
- MD5
  
  8f92810eb1bd9e432f0ac2abe254ae24
- SHA1
  
  65aa6449d5fb8ed0d71ed6ba491983b344166b2a
- SHA256
  
  e02ce2fd3f6b85b8375e889bfdbbe2684c8855260f24a46880169a629b373bc4
- SHA512
  
  9e88c3d8db082b6fb97b7cff3c5a1315fdfd2a3e20446e1a8f6f8716e20112c1081daf14f1f67666c932d740ad30e3441716efd4817b9a71e7aea44f7f4407cb
- SSDEEP
  
  12288:APsEXAr3sB2fnodijKCNETSfdok7ZSjHZzuTpH:P3sB2fnodiKk6aezkJ
Score

10^/10

trickbot ono82 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

Templ.dll packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2