General
-
Target
278605aa9843e8eabd5e7cdc83de8a7eeb76c29a19bb41f88bed78f844d94425
-
Size
360KB
-
Sample
200211-8be4gs1tme
-
MD5
7e53c0a0ac03dd4bf00b5856856e75f9
-
SHA1
4df92e97c70988a5fbc63611cfd2e4f5821c9773
-
SHA256
278605aa9843e8eabd5e7cdc83de8a7eeb76c29a19bb41f88bed78f844d94425
-
SHA512
210b729fa990af0bd447405a0f428bcff56bb25dc47fb45805e0d237bce6e66df3458d91d66e8264db4a5b39b34412278792aef9c8902611db93bdc88d5f9cbf
Malware Config
Extracted
trickbot
1000497
jim666
5.182.210.226:443
5.182.210.246:443
82.146.62.52:443
198.8.91.10:443
195.123.221.53:443
51.89.115.116:443
164.68.120.56:443
85.204.116.237:443
5.2.75.167:443
93.189.42.146:443
185.252.144.174:443
81.177.165.145:443
217.107.34.151:443
146.185.219.165:443
194.87.238.87:443
146.185.253.18:443
194.5.250.155:443
195.123.216.223:443
185.99.2.160:443
5.182.210.230:443
-
autorunName:pwgrab
Targets
-
-
Target
278605aa9843e8eabd5e7cdc83de8a7eeb76c29a19bb41f88bed78f844d94425
-
Size
360KB
-
MD5
7e53c0a0ac03dd4bf00b5856856e75f9
-
SHA1
4df92e97c70988a5fbc63611cfd2e4f5821c9773
-
SHA256
278605aa9843e8eabd5e7cdc83de8a7eeb76c29a19bb41f88bed78f844d94425
-
SHA512
210b729fa990af0bd447405a0f428bcff56bb25dc47fb45805e0d237bce6e66df3458d91d66e8264db4a5b39b34412278792aef9c8902611db93bdc88d5f9cbf
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-