trickbot

General

Target

JaffaCakes118_4a2015231b4dfe16b32d48c49cf38fb098e01a2dd5016eb91304d2ba033d6901
Size

217KB
Sample

241225-am2kas1qex
MD5

abe6e67042e24099c880a9149cc764af
SHA1

2d89c1bf6ecf1fe12a2505dd4a9f875b631b18dd
SHA256

4a2015231b4dfe16b32d48c49cf38fb098e01a2dd5016eb91304d2ba033d6901
SHA512

300592c3924cc13cf9ca6971a4cb82ab88bffbb8ac434f9d8e53d602c712ca6953a85574b3fcafa37d1c330168c072a5247ea418f980c415f613394fce75930b
SSDEEP

3072:tn8OkeG/4RxKh3tl394QZxD9tYys44YQg9JLrok8HT8OqmUDfHeOfbymjVZgWsK:xg4RIT4/440yk8HT8oUDfHJmmpZpsK

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000512

Botnet

chil69

C2

95.171.16.42:443

185.90.61.9:443

5.1.81.68:443

185.99.2.65:443

134.119.191.11:443

85.204.116.100:443

78.108.216.47:443

51.81.112.144:443

194.5.250.121:443

185.14.31.104:443

185.99.2.66:443

107.175.72.141:443

192.3.247.123:443

134.119.191.21:443

85.204.116.216:443

91.235.129.20:443

181.129.104.139:449

181.112.157.42:449

181.129.134.18:449

131.161.253.190:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  trigger.bat
- Size
  
  30B
- MD5
  
  d34f7602cf38aca4434dc07e2b871678
- SHA1
  
  7c2f896087f4be1754700d5a1501b5ccaaa5fd14
- SHA256
  
  346d1fdfba3bb9ea5c8849e959ec967a92be0f2951a069a38dcbdebb7d88f5b6
- SHA512
  
  0b8b7a9bff74f8ec5e3c07fe1d8dd86a47bf37f011f1a53a27c3eb8b63be386db06eefb846c36d5e8896818dc5eccc7dc77a5db9dd454629d7c3c3290d23a7bc
Score

10^/10

trickbot chil69 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2
- Target
  
  update.dll
- Size
  
  277KB
- MD5
  
  cc6e4b689560a13c0e69d9ae0c46d44c
- SHA1
  
  a5e0fafeb8bbbab9b26db9e7671f7b89ec10e6ee
- SHA256
  
  0d4d2125bd4d02deb9a731e3b05d8e5fef62836c2a93f9219d8cf05aae2776f9
- SHA512
  
  df8f4cc59c988199a4b5ad817d8b4547a835fe77fc75337cbc6975db87214c2215658414e508b1593e1a72146459f686bd9b1f4106af66a7e8c8a88d4ccb6666
- SSDEEP
  
  6144:efd5q5kTa1bThX43248yk8Hx8oUDfH5mIpZpmi:efWQehuH8l8HCLf5m6pZ
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

Templ.dll packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4