General
-
Target
ACT96MC98SD.bin
-
Size
260KB
-
Sample
201024-89mfnb21be
-
MD5
a7ddc63878394313d1a854e22b1c323f
-
SHA1
f4dae0a6e298a594faa76aac8f362030226fab77
-
SHA256
4f9ee40b7d76b088cefa490c13237ad5bcfac195dbbac32d5f14d002189fa2c9
-
SHA512
40fd700b40e52f426f4255bb7993736548f647f3a4831ee970f3128454cdabf15dc4f58c6c3a4fd635941f1703fce6acccfc355a94f7370a61649f577c553302
Static task
static1
Behavioral task
behavioral1
Sample
ACT96MC98SD.bin.dll
Resource
win7
Behavioral task
behavioral2
Sample
ACT96MC98SD.bin.dll
Resource
win7
Behavioral task
behavioral3
Sample
ACT96MC98SD.bin.dll
Resource
win10
Malware Config
Extracted
trickbot
4294967043
ono95
45.67.231.68:443
92.62.65.163:449
186.159.8.218:449
200.116.232.186:449
36.91.87.227:449
103.76.169.213:449
181.143.186.42:449
179.127.88.41:449
103.66.10.87:449
199.38.120.77:449
208.86.162.249:449
199.38.120.90:449
-
autorunName:pwgrab
Targets
-
-
Target
ACT96MC98SD.bin
-
Size
260KB
-
MD5
a7ddc63878394313d1a854e22b1c323f
-
SHA1
f4dae0a6e298a594faa76aac8f362030226fab77
-
SHA256
4f9ee40b7d76b088cefa490c13237ad5bcfac195dbbac32d5f14d002189fa2c9
-
SHA512
40fd700b40e52f426f4255bb7993736548f647f3a4831ee970f3128454cdabf15dc4f58c6c3a4fd635941f1703fce6acccfc355a94f7370a61649f577c553302
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-