trickbot

General

Target

c3f53089ed25572ce22bdcc48ff8ffa008018f11e6b7ae0faa06d3d6b365d68c
Size

100KB
Sample

250327-wr3h2sxr15
MD5

78face6532ea097b73d507f3e06bbcac
SHA1

7bb03b4a49477e3972cafe3609d42a912ef6c770
SHA256

c3f53089ed25572ce22bdcc48ff8ffa008018f11e6b7ae0faa06d3d6b365d68c
SHA512

1d6536b0f2ad3349a4d7f7d44ce90da02524fb0ff9451cb2089cb046863cb1024b46c56f4f7615394626f554ae1e71f57ce3cb9441fa7040e66143f8c37787e1
SSDEEP

3072:ykszBKvtbJHYzfMbiGcfQaESRYIl6Q1TTi7:yksFKvgMb4fQCR76Q

Score

10^/10

Malware Config

Extracted

Family

trickbot

Version

1000451

Botnet

ono9

C2

172.245.241.25:443

91.235.129.212:443

195.123.233.162:443

193.124.176.170:443

206.217.143.91:443

23.94.137.179:443

23.94.137.223:443

198.46.190.37:443

92.38.171.12:443

195.123.246.2:443

89.105.203.180:443

104.193.252.147:443

195.133.196.102:443

185.252.144.213:443

195.133.144.87:443

78.155.206.85:443

190.154.203.218:449

189.80.134.122:449

125.99.253.34:449

191.37.181.152:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  c3f53089ed25572ce22bdcc48ff8ffa008018f11e6b7ae0faa06d3d6b365d68c
- Size
  
  100KB
- MD5
  
  78face6532ea097b73d507f3e06bbcac
- SHA1
  
  7bb03b4a49477e3972cafe3609d42a912ef6c770
- SHA256
  
  c3f53089ed25572ce22bdcc48ff8ffa008018f11e6b7ae0faa06d3d6b365d68c
- SHA512
  
  1d6536b0f2ad3349a4d7f7d44ce90da02524fb0ff9451cb2089cb046863cb1024b46c56f4f7615394626f554ae1e71f57ce3cb9441fa7040e66143f8c37787e1
- SSDEEP
  
  3072:ykszBKvtbJHYzfMbiGcfQaESRYIl6Q1TTi7:yksFKvgMb4fQCR76Q
Score

10^/10

trickbot ono9 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Trickbot family

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2