trickbot

General

Target

JaffaCakes118_ffc926cda10fd60f0f3af5019846578ee2c805833771712bdc4ea80116e9fccf
Size

681KB
Sample

241226-zabksaymdt
MD5

89bb23d9e4a853958dea5aa0ada59c71
SHA1

18f753af404071d63bc852a9017228306f28be1e
SHA256

ffc926cda10fd60f0f3af5019846578ee2c805833771712bdc4ea80116e9fccf
SHA512

c745d4f75863b7a332cfd570171a0f6619904c580703f17db3e5b550933ee7c858ac1ad6af29cd515a715776bbc7b00c585c6e51b310971c6bf42cfc6f37272e
SSDEEP

12288:HnGLZQb0utU95voiWEvFBU06yYDe9VDP8RZfYtWQmrarcFJjOKnRdIGo0H:L8oiWENBU0nYD2KZf+W9OIjnfIje

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

leg1

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Targets

- Target
  
  Documents.tmp
- Size
  
  1.7MB
- MD5
  
  133f935f9bc1c919af18db30f9db657d
- SHA1
  
  afb6253e491e109ebe2445ab4935f37120420b5c
- SHA256
  
  0648bdad8a597280f65f4db2448ba1524d6508841933156f4dfef9d1fe2e5075
- SHA512
  
  5d0c5f6ca0b28253a3537c11cfc7f5a72e417c4b4607a148dfa770c307466e81058f56b7ad67cb32761442cda0d720ea23281b41b4979f545ceff5041327cd04
- SSDEEP
  
  49152:7OkkXuEs0GpGwx4JaTD6ydQD1xR88sxq57nN:UXuEUX4
Score

10^/10

trickbot leg1 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2