General
-
Target
cdfee4284b9ef2c76b7198c1e21118c19be395ac76d3485d50d0ff63faa21d58
-
Size
624KB
-
Sample
201113-a4etz3xar2
-
MD5
e1d32800e12d4df430e9f016bfba70b3
-
SHA1
2aadf50c972d6dcbd439896a2cb5446f4fa8eebc
-
SHA256
cdfee4284b9ef2c76b7198c1e21118c19be395ac76d3485d50d0ff63faa21d58
-
SHA512
870fdbdadefbfab69887c50b253270cce3ce9da90092b11a6d26bd4989a98182833f07be7836109ee2e157d698139c8ed1094cf2f53d4483458b50a04410da13
Static task
static1
Behavioral task
behavioral1
Sample
cdfee4284b9ef2c76b7198c1e21118c19be395ac76d3485d50d0ff63faa21d58.msi
Resource
win7v20201028
Behavioral task
behavioral2
Sample
cdfee4284b9ef2c76b7198c1e21118c19be395ac76d3485d50d0ff63faa21d58.msi
Resource
win10v20201028
Malware Config
Extracted
trickbot
100001
tar2
66.85.183.5:443
185.163.47.157:443
94.140.115.99:443
195.123.240.40:443
195.123.241.226:443
-
autorunName:pwgrab
Targets
-
-
Target
cdfee4284b9ef2c76b7198c1e21118c19be395ac76d3485d50d0ff63faa21d58
Score
10/10
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies service
-