General
Target: dilaryi8.exe
Size: 343KB
Sample: 200824-h2pr53zak6
MD5: d02406a2b62215dc5d5a42e0c8e15f6e
SHA1: 7ffa70f90eb6bf01b2b7f3b2fde2fbe93ba6acc4
SHA256: 274170f2acf032561911675964fe1852e63e5af6bf97c3a76d6273cf7b5bf1c0
SHA512: c6879fa99d961dc1bfc07e136d89054ca94087ca8e3fa50b12b389c983b4e46eae6243cb756947e11eb62c458f8e8b9f652a3069c5ab738575a0c2bd844658b7
Static task: static1
Behavioral task: behavioral1
Sample: dilaryi8.exe
Resource: win7v200722
Malware Config
Extracted
Family: trickbot
Version: 1000102
Botnet: mac1
autorun: Control:GetSystemInfo Name:systeminfo Name:injectDll
Targets
Target: dilaryi8.exe
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext