General
-
Target
131.doc
-
Size
534KB
-
Sample
200916-w52vg1yl1a
-
MD5
3e241f5a1e7be77f25078560c8660351
-
SHA1
ba25c371e75d1a52c1f41c163dc8840626423948
-
SHA256
22d653dab4765e13c5fce0bf46a28a098d05582148fdf3101093f3687b42a5f1
-
SHA512
4f031f6a3e44687ca65ceec847aacf3053feec0882bd5c07febef85ba1a7570ec1f4357446dfc84226448e1d8eb342066eeb3e6e7394d53caadd66223a2ff345
Malware Config
Extracted
trickbot
1000514
ono76
51.89.163.40:443
89.223.126.186:443
45.67.231.68:443
148.251.185.165:443
194.87.110.144:443
213.32.84.27:443
185.234.72.35:443
45.89.125.148:443
195.123.240.104:443
185.99.2.243:443
5.182.211.223:443
195.123.240.113:443
85.204.116.173:443
5.152.210.188:443
103.36.48.103:449
36.94.33.102:449
36.91.87.227:449
177.190.69.162:449
103.76.169.213:449
179.97.246.23:449
-
autorunName:pwgrab
Targets
-
-
Target
131.doc
-
Size
534KB
-
MD5
3e241f5a1e7be77f25078560c8660351
-
SHA1
ba25c371e75d1a52c1f41c163dc8840626423948
-
SHA256
22d653dab4765e13c5fce0bf46a28a098d05582148fdf3101093f3687b42a5f1
-
SHA512
4f031f6a3e44687ca65ceec847aacf3053feec0882bd5c07febef85ba1a7570ec1f4357446dfc84226448e1d8eb342066eeb3e6e7394d53caadd66223a2ff345
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-