trickbot

General

Target

JaffaCakes118_2550277b280d81a8a049baffea87e2ca6b72d40e08646349b5b690880bd154ec
Size

231KB
Sample

241225-rv2zgavnes
MD5

4a387db188aefb0dd2a6984cd36966e3
SHA1

918dd46f7912b93390c2fe590bf99c89a016ec95
SHA256

2550277b280d81a8a049baffea87e2ca6b72d40e08646349b5b690880bd154ec
SHA512

8ebafef09a11aaaeabba8e3f31c6c9430a2ab0ae86e27710c7c410edc6219261b0ccb802a164015cecc298e22af87d51a3e34adc4d47dba3e95d494581f71dd8
SSDEEP

6144:xGc/vj24AzV/+GqDDm74lUwjk6cD5wHUH:xpjYzd+/Da7aUGA5RH

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000514

Botnet

ono76

C2

51.89.163.40:443

89.223.126.186:443

45.67.231.68:443

148.251.185.165:443

194.87.110.144:443

213.32.84.27:443

185.234.72.35:443

45.89.125.148:443

195.123.240.104:443

185.99.2.243:443

5.182.211.223:443

195.123.240.113:443

85.204.116.173:443

5.152.210.188:443

103.36.48.103:449

36.94.33.102:449

36.91.87.227:449

177.190.69.162:449

103.76.169.213:449

179.97.246.23:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  ONKVD.dll
- Size
  
  304KB
- MD5
  
  0828f63b9396fead9231cae937694a37
- SHA1
  
  66f370b3a1dcfb9c87a31b35d2c0951a3b1612f8
- SHA256
  
  fdfb6706e3f056404da1928a1a8dc3bce4ab4b8473f49e1c246b4ab2edc69ad4
- SHA512
  
  dc34118892dfb58d22e888818b06c3f67307261238fb96eb9d75a2a2d88e761c07295cb6706a6783795d8365251bed83e91f1631cc86ca8ae16113156c561256
- SSDEEP
  
  3072:Uz/9xlxG5uQ5qPfKUwUS6pRBdHQwlaAwgQegMjA3k30qSeLZerTCC0NBSNka9Jvo:2NG51UrS6pRBdwwlaDe3EqSedAWU2as
Score

10^/10

trickbot ono76 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

Templ.dll packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2