General

  • Target

    SecuriteInfo.com.Generic.mg.1044ad70fad41bf6.6525

  • Size

    540KB

  • Sample

    200629-8pm6sv92wa

  • MD5

    1044ad70fad41bf6a0e6bce33cfe2385

  • SHA1

    61cedd6522cf7e43e70da89f838ddfabcaf3efc5

  • SHA256

    3a7aeb8afd9e1bdb9e8d83cea2b3d4a981be1ea951c46e48cf6c96a9852d1d14

  • SHA512

    b609a912fe1a96fd05ec9d688d1d11e8fdb5c5307c26301fbde6ccb622561518aeec553795947780d8939ee0cbfaa0bb71a850529cf9a0c1703227b2b8750628

Malware Config

Extracted

Family

trickbot

Version

1000512

Botnet

ono51

C2


Attributes

  • autorun

    Name: pwgrab

  • ecc_pubkey.base64

Targets

    Score: 10/10

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
