trickbot

General

Target

JaffaCakes118_c9c27a0281b53d47e7d2d0f33461998cc56eb9a3c55a4c2bf7ecb10f5fadae1f
Size

413KB
Sample

241225-xdqsrssnay
MD5

ea215551ed37075bd16e88e417f3c0f5
SHA1

e67b1a8504809a622993e8e827dad23cacf8c189
SHA256

c9c27a0281b53d47e7d2d0f33461998cc56eb9a3c55a4c2bf7ecb10f5fadae1f
SHA512

7308e12b2a8187b59f69ee0338b22638c3d71df1d65c98b743cd186646f2fdeb12d66ec92efd1ebce3b290fd32d626114cd9c696f11d866aeebe484d6406eff6
SSDEEP

6144:YvXnRXTk2vOUWei6qAvVyFuYpjhBd8hnwfFFg+mkTNHS19aGP6bmhQ79xB2G+U:YvXRXn5ilWibdmqm8yDaGthQ7972G+U

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000026

Botnet

rob28

C2

154.79.252.132:449

179.191.108.58:449

200.6.169.124:443

103.76.20.226:443

80.78.77.116:449

80.78.75.246:443

45.234.248.66:449

187.190.116.59:443

185.234.72.84:443

36.94.202.131:443

103.91.244.102:449

168.232.188.88:449

103.73.101.98:449

173.81.4.147:449

202.142.151.190:449

118.67.216.238:449

108.170.20.72:443

85.159.214.61:443

36.92.93.5:449

79.122.166.236:449

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  1f0d7f3144ba0d50374f61c941f5a94e
- Size
  
  660KB
- MD5
  
  1f0d7f3144ba0d50374f61c941f5a94e
- SHA1
  
  75dec9b5253ba55a6fecc2e96a704e654785e7d9
- SHA256
  
  12c758880559bf8d54aa665bf63bd8fb3009d9df405515a55a20438509c4fbf5
- SHA512
  
  e07bc9a601b53de9048cbd32f25e097508d2c6b9f534522708269b42a0b8b01cb10f429fcad6538bdac5f06f76de22dd20ae133603a2e8416ca1e67b54eddb69
- SSDEEP
  
  12288:n+QjOdLU2K5HmTbKbKKMFZys7tmwdl71SyDe3/9ie:+/LUfU6MjvDoyDe3F
Score

10^/10

trickbot rob28 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

Templ.dll packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2