trickbot

General

Target

JaffaCakes118_8d6596e637c4dd0c1d62c12afbff1775031796db3fcb9c1d20b485cb940a6970
Size

280KB
Sample

241226-16j3gasrdk
MD5

cef12b50326b78c326ab62496fa5dc7c
SHA1

d68f564f9651d46b720875bb03f3b6bb1f701158
SHA256

8d6596e637c4dd0c1d62c12afbff1775031796db3fcb9c1d20b485cb940a6970
SHA512

e841b40b6222a733774c5f84ff5e80984b5847e4a56810c916634d2f68a02d4f2ed95961d2b95325cef265cdd641e8968a1f6d829eff24d8a624a5ca59a3421f
SSDEEP

6144:uZZuPwDhINanJiRTtw2tfv9UdHC0qQrk5oFyb2cQm5caJ2anC:GZdKNAJiFp6NjQd/5o

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

2000011

Botnet

ono82

C2

131.153.22.145:443

62.108.35.29:443

45.89.127.118:443

185.99.2.123:443

62.108.35.36:443

45.89.127.119:443

51.77.112.255:443

194.5.249.216:443

185.99.2.160:443

80.85.156.116:443

86.104.194.102:443

37.220.6.115:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  e02ce2fd3f6b85b8375e889bfdbbe2684c8855260f24a46880169a629b373bc4.dll
- Size
  
  400KB
- MD5
  
  8f92810eb1bd9e432f0ac2abe254ae24
- SHA1
  
  65aa6449d5fb8ed0d71ed6ba491983b344166b2a
- SHA256
  
  e02ce2fd3f6b85b8375e889bfdbbe2684c8855260f24a46880169a629b373bc4
- SHA512
  
  9e88c3d8db082b6fb97b7cff3c5a1315fdfd2a3e20446e1a8f6f8716e20112c1081daf14f1f67666c932d740ad30e3441716efd4817b9a71e7aea44f7f4407cb
- SSDEEP
  
  12288:APsEXAr3sB2fnodijKCNETSfdok7ZSjHZzuTpH:P3sB2fnodiKk6aezkJ
Score

10^/10

trickbot ono82 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

Templ.dll packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2