trickbot

General

Target

JaffaCakes118_4b4b4acce5905c70900e4d63547dedee52446a94750954787f87949715a6179c
Size

279KB
Sample

241225-q6m41svjc1
MD5

69087afdca5b68a54bf628ce48f2be27
SHA1

277f7a8dd35a9a803f1b32ea8c5e607c3d62f8fd
SHA256

4b4b4acce5905c70900e4d63547dedee52446a94750954787f87949715a6179c
SHA512

ed17b34d647532a0d5b5b16ab6c56fd0d83af020f1aaa5f6e6714aa61ed2442484c929eb38c958e4f2a4a214094d1460b02f0de38dbe97ab65ec30b093a35cc4
SSDEEP

6144:s+0Ye4AjUlQMB9fcvTWjGi7HfPTBoPMWi1SjHkk4Eroa5uVvRBRlH:s++YDETmfdoE71SjHZvu3VH

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000011

Botnet

ono82

C2

131.153.22.145:443

62.108.35.29:443

45.89.127.118:443

185.99.2.123:443

62.108.35.36:443

45.89.127.119:443

51.77.112.255:443

194.5.249.216:443

185.99.2.160:443

80.85.156.116:443

86.104.194.102:443

37.220.6.115:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  oniac.dll
- Size
  
  400KB
- MD5
  
  8f92810eb1bd9e432f0ac2abe254ae24
- SHA1
  
  65aa6449d5fb8ed0d71ed6ba491983b344166b2a
- SHA256
  
  e02ce2fd3f6b85b8375e889bfdbbe2684c8855260f24a46880169a629b373bc4
- SHA512
  
  9e88c3d8db082b6fb97b7cff3c5a1315fdfd2a3e20446e1a8f6f8716e20112c1081daf14f1f67666c932d740ad30e3441716efd4817b9a71e7aea44f7f4407cb
- SSDEEP
  
  12288:APsEXAr3sB2fnodijKCNETSfdok7ZSjHZzuTpH:P3sB2fnodiKk6aezkJ
Score

10^/10

trickbot ono82 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2
- Target
  
  start.bat
- Size
  
  38B
- MD5
  
  8697c90a9fb42de3036d11858f99d757
- SHA1
  
  dcb6f039c4b1c6f4435b9212e2b6213e3f414f65
- SHA256
  
  260d15a54776f9c4a79c6f9308395ac0d5cebfd8c6ec5d40e09821a1345769ba
- SHA512
  
  096cb6319720dbd8407686b8791310fe8242aadafcbe332ed1d6eb1fd0bf4d1675d03ab378c19793464f03419418f118d59a8274c7c7d582ad4d29faba501523
Score

10^/10

trickbot ono82 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

Templ.dll packer

Trickbot

Trickbot family

Templ.dll packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4