Trusted Design

Dumping Core: Analytical Findings on Trojan.Corebot

概要

The Corebot malware family is relatively new and was first documented by Security Intelligence. Since then, it has evolved fairly rapidly and has added new capabilities, as reported. It now appears to be in the league of full-blown banking trojans such as Dyreza, Neverquest/Vawtrak, Zeus, etc. This report documents some of our recent findings regarding its cryptography, network behavior, and banking targets.

Created: 2026-02-23

Indicators

• FileHash-SHA256 - b836ae7b121748eba396b9d6e8c360cec3aea4cfd90f6f39cdea7c973ddd33c6 -
• FileHash-MD5 - 5a830e5a3120e7b651e14f864ea26474 -
• FileHash-MD5 - 0a9f3ba2f77410b5ea4a43c05b0d3695 -
• FileHash-SHA1 - 4da82ff3320e5787f24c3f364aa23c6266e171a1 -
• FileHash-MD5 - 9b2d1892375084826c345d35db5f578d -
• FileHash-SHA1 - 2759877b9a59206bca09f1392569d50af74ed773 -
• FileHash-SHA1 - 4edef3e1056cbcd1b684559ccc394a0d0376ace1 -
• FileHash-SHA256 - 67870d2623433a0ddfc1a308c23aa52cadae2ddcfab9a40c20ef9837f58c89af -
• FileHash-SHA256 - ee69d1435900a1cf361904bce696c4f92cd2ed090098867ee31ae7e61bdbdbfe -
• FileHash-SHA256 - 04a7f5f33a1deb0eeef8f3cb71921addb3870477a13a56bb0dacda8d5a0082ca -
• FileHash-SHA256 - fc98efc51f2e2218d610aea173b4dad0f0ac0ee48a56cce80ab88a3eeda4f9d9 -
• FileHash-SHA1 - 520a2ecd5c854c730fd4d2546a6f392c9983b413 -
• FileHash-SHA256 - 7f24fcf9dbe6dabeb55dc60e4057c51868e95306996d1bab95fad6d09dd5c69c -
• FileHash-MD5 - 426fcbb2aa54419b15db8849b51dd0df -
• FileHash-SHA1 - 99564255330622e2c170152d504eccd3bb2f917f -
• FileHash-SHA256 - 47f4105cd981857f9eb1a039b60fe72b3189890abdb93798af9326c532c93c8d -
• FileHash-SHA256 - 8522deef2c60c3b1688fcf9f3d544b289f7b17ccbb01c59c79fb1e58da8262d7 -
• FileHash-SHA256 - 093cfed30317adc35087d576a98a5305b32e8645a171bb214e0994d4c1f8181d -
• FileHash-SHA256 - 9001118f6e61711cd87db74d909cf225d49fb93f759291c8de550745fba039c1 -
• domain - tychebruke.com -
• FileHash-SHA1 - eaa88f1fa700402dde290c83ee024325da4e15ca -
• FileHash-SHA256 - e47a719742977011c25ea0ddb97f6754f210cf17d467a8ba85916f8be3d9603d -
• FileHash-SHA1 - bbe5ea4ce66d0be55eaecbe768ea4a7b71d3246d -
• FileHash-MD5 - f6a1d72ee86ef6e2723c3b21e53c87ac -
• FileHash-SHA1 - 2dcc298564f1cd90854288b2ec57e81ab3311020 -
• domain - bonetakus.com -
• FileHash-SHA256 - 0ce3290ed92979a5f13fbb799d7128e9dbc579e3f1bea3b560551a73f482de8f -
• FileHash-MD5 - 223fb43eb6877a5eeec49dc496bd8d2f -
• FileHash-SHA256 - 1c814889d44e34ef833431c273fb77d4a504fc525ea03bd2585917b17ae9459c -
• domain - pomppondy.net -
• FileHash-SHA256 - 4315465dee1985e01a78b307904acaa72b13a8465b18f18e060e4b9006aeb7b5 -
• FileHash-SHA256 - 0711e7f5a4a652e08fad5fcbaa5cbccdc2dfc220909e87ea021c8f7f6e060f4f -
• FileHash-SHA1 - 442adf4d774abe46769c7156ad170201995c3686 -
• FileHash-SHA1 - ce1f0b7dfd91fec1dd0b9a539f7a2c12f2be39b2 -
• FileHash-MD5 - 2eed0e65ae1fca2e9c0d3902211ac832 -
• URL - http://pomppondy.net/gate/ -
• FileHash-SHA1 - 22e054039f63827e024d876d7daf82ebcdb4e3f9 -
• FileHash-SHA256 - d747e02d341ac5be875174cf23f6733c402efb93c6f091a61d8af27b9e944737 -
• FileHash-MD5 - 60b1e48ee44fcc9c3a291f67edebcfbc -
• FileHash-SHA256 - 0144d51a7d24c4898d254ec5bcdc326ad5c19f67830e532d5b298a2b77092291 -
• FileHash-SHA1 - 5333e2b8f3a853908905f4a3c1995c4ea9c27b26 -
• FileHash-MD5 - 7fcffef11cc4efcb9b511276df4dde48 -
• FileHash-SHA256 - ce925e53628cbd2ae02ad3170be25433e19ad49270ad60ed49e3244901037dc0 -
• FileHash-MD5 - 35a09d67bee10c6aff48826717680c1c -
• FileHash-SHA1 - 9403d2136163a23984ce075651ca38900e72e1a4 -
• FileHash-MD5 - de6ce3aadced9d55906244515a2b3761 -
• FileHash-MD5 - ac3c8683b7683021b079c4e9a627dd08 -
• FileHash-MD5 - 2cc60c421f91ffb626185f7ccc3c03bb -
• FileHash-SHA1 - 4328433cbff9bc9b3e54308475068427c79223cc -
• FileHash-MD5 - b01f23b631d1f7d9e7d67a23ef384b8e -
• FileHash-MD5 - 854d7769ed01915df8374ff18ae6785e -
• FileHash-SHA1 - 31266760bf185165b9334077c2a3759f8f73c5eb -
• FileHash-SHA1 - f55437257cd8a458892a6bb0bcff3a0eedfbd746 -
• FileHash-MD5 - 67f57a975482c76d672a689d416ab8fc -
• FileHash-SHA256 - 5cf1d42975cfa2c2b593cb6bc862aa56e1fc91e4ec31f762ef57df78d2d62489 -
• URL - http://tychebruke.com/gate/ -
• FileHash-SHA1 - eb87b5e6e51917512dc550befb3f733d64974006 -
• FileHash-SHA1 - c6ecdc59edd218c26fa9a4b41f45bf62e0bf696d -
• URL - https://bonetakus.com/s/g.php -
• FileHash-MD5 - dbe4144800714233fe8479bbaab107d8 -
• FileHash-SHA256 - 04c4ae13e817c06366019119e5671c29cbdb3f897b0503f3571194e707ab9bd2 -
• FileHash-MD5 - 00f9432b5737156b6a8294edc230ebe1 -
• FileHash-SHA1 - 7cf0bcf624bb7652ab0ea73b312ae8beb8bca78c -
• FileHash-SHA256 - 30dfb1648dbb373fe61feabad027ed7857103654f1bd421e81a9f3d807f3e1db -
• FileHash-MD5 - 7a9d63c785d9ddd601dfd82b3b6dcc21 -
• FileHash-MD5 - a4202c17a07e8dcb4ad0bf20d965acaf -
• FileHash-SHA1 - 737c5021911c947f4ed7de8806a97b5a76de8ca2 -
• FileHash-SHA1 - f923923e7af017e77e80d57578cfd88b990ce1e5 -
• FileHash-SHA1 - 3f3d0a5cdc33ac79f9d03ad41c6cdcb37768eae0 -
• FileHash-MD5 - bd037bf733845efb883e804a24a967f5 -
• FileHash-MD5 - a0a5c6a7240b4325fe957a1d8cc1bf3a -
• FileHash-SHA256 - c5f06541cda018fb71499008adf1e77a57b9f6912b92e478b6b82c430f608d91 -

類似Pulses

• Online Shop Selling Account Data Linked to CoreBot Malware (score: 0.75)
• Ties Between Corebot and Darknet Crypt Service (score: 0.72)
• Tale of the Two Payloads – TrickBot and Nitol (score: 0.70)
• CoreBot activity linked to stolen information sold online (score: 0.70)
• US Banks Targeted with Trickbot Trojan - FlashPoint (score: 0.65)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る