trickbot

General

Target

JaffaCakes118_31bc7ea777e69ca2e8f882ae8d262f0ba5c3d34b654433c987e5a2b7e7452eb3
Size

358KB
Sample

241225-vr54hazla1
MD5

ee48a1878842a8b2bef1295a4f940595
SHA1

6d4b9479347126b22c20407c1d75f40b422b89ce
SHA256

31bc7ea777e69ca2e8f882ae8d262f0ba5c3d34b654433c987e5a2b7e7452eb3
SHA512

11e74d888aa53e1030c783c5f8b6de00391e9fd466d74e359a03de8d00bd27ef51d034bec17cbdaafaed063dcb43e895525aacb2ca7985a20b60521006e4f7e7
SSDEEP

6144:6o+RiqeCLcWyQlRWJ4ltr9xWqXIcsyKGx5V+ryt8FehFxjMEHV+soAfKTFDW4VK3:6RRxlRWJ4r9ZXmjCTt869nch6sK3

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000011

Botnet

mor130

C2

131.153.22.145:443

62.108.35.29:443

45.89.127.118:443

185.99.2.123:443

62.108.35.36:443

45.89.127.119:443

51.77.112.255:443

194.5.249.216:443

185.99.2.160:443

80.85.156.116:443

86.104.194.102:443

37.220.6.115:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  Identitiesx5991793179/launcher.bat
- Size
  
  1KB
- MD5
  
  263ceadfdd9059090da9b583a9d02a3d
- SHA1
  
  0f58c01884d5bf8411b4654b71ccd8a684328560
- SHA256
  
  8088da159170173780eeb122a490f1bca5134fd34aa02999f6343559259f7774
- SHA512
  
  1d50e46bf32f44b4f317dc402663ab712149422de13640bcef956f8a9d2b75d058ad694db881db34e50debd750d8189c896be4c999fe4f985e95772c26062e41
Score

3^/10
behavioral1 behavioral2
- Target
  
  Identitiesx5991793179/sendmailb2b.exe
- Size
  
  664KB
- MD5
  
  635c619c6b7efe91d743774440076105
- SHA1
  
  c83c9541e3abc4fa4017665cafa3b6e78b3a5e4d
- SHA256
  
  78adf9aebf778659b4f9c54f72152559d0ccb72e1e813379bc49c2172c6dacdb
- SHA512
  
  a6a895f887c9c290478a3cd6cc85fe5130737c9c8b4130e7630dc61a9375b3653936219d7e1884b86d74c56cf954c2d3de54574145bc32494f13e54158de55e6
- SSDEEP
  
  12288:mO2zTVbVDiVLwE1zr6Thhl6uSciSjbdSTfNx98wX/hpUAbmjGtX8MLnQh4sJ:mO2ztPhG/bocbQh4u
Score

10^/10

trickbot mor130 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4