trickbot

General

Target

JaffaCakes118_9bc218173039ff5715dad1b0420219e4478c571bec8e7b556681196e69633b1b
Size

436KB
Sample

241224-bakaxsxlbm
MD5

a658eadde167b57f72460f5aebccfb24
SHA1

20caf1f87a2bc9aa2f94730d6d7f6be65f13a439
SHA256

9bc218173039ff5715dad1b0420219e4478c571bec8e7b556681196e69633b1b
SHA512

7c5a7fda88c1313554fa27937b7761d9adb16e18266ee340157dec725e7635813717087c14968c9086400df4fc6e9c77d2d70144a573a6fd0d0646a1310578a2
SSDEEP

6144:pkVJ67JhvuooLbJhMZnctQTFE4QbXU9CkDotFMcMNBlNtEKLtc:pkVJIDvZ8lOFfQbXU9s79MNBjKotc

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000033

Botnet

tot157

C2

179.42.137.102:443

191.36.152.198:443

179.42.137.104:443

179.42.137.106:443

179.42.137.108:443

202.183.12.124:443

194.190.18.122:443

103.56.207.230:443

171.103.187.218:449

171.103.189.118:449

18.139.111.104:443

179.42.137.105:443

186.4.193.75:443

171.101.229.2:449

179.42.137.107:443

103.56.43.209:449

179.42.137.110:443

45.181.207.156:443

197.44.54.162:449

179.42.137.109:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

1
RUNTMzAAAAAL/ZqmMPBLaRfg1hPOtFJrZz2Zi2/EC4B3fiX8VnaOUVKndBr+jEqWc7mw4v3ADTiwp64K5QKe1LZ27jUZxL4bWjxARPo85hv72nuedeZhRQ+adQQ/gIsV869MycRzghc=

Targets

- Target
  
  JaffaCakes118_9bc218173039ff5715dad1b0420219e4478c571bec8e7b556681196e69633b1b
- Size
  
  436KB
- MD5
  
  a658eadde167b57f72460f5aebccfb24
- SHA1
  
  20caf1f87a2bc9aa2f94730d6d7f6be65f13a439
- SHA256
  
  9bc218173039ff5715dad1b0420219e4478c571bec8e7b556681196e69633b1b
- SHA512
  
  7c5a7fda88c1313554fa27937b7761d9adb16e18266ee340157dec725e7635813717087c14968c9086400df4fc6e9c77d2d70144a573a6fd0d0646a1310578a2
- SSDEEP
  
  6144:pkVJ67JhvuooLbJhMZnctQTFE4QbXU9CkDotFMcMNBlNtEKLtc:pkVJIDvZ8lOFfQbXU9s79MNBjKotc
Score

10^/10

trickbot tot157 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.