General
-
Target
4f942d354bd7566e25aacd6a19f611a6354eca07a3a967ce635403af7f783195
-
Size
332KB
-
Sample
201115-fmt2s4595x
-
MD5
7bd08efc09ecaf60aa0d8e9ef6980883
-
SHA1
a39464725da9b41eaf297fbedfa12fa4316bbdd5
-
SHA256
4f942d354bd7566e25aacd6a19f611a6354eca07a3a967ce635403af7f783195
-
SHA512
f0b62f1e815467fd7fe952c784b0e92e4807550b88369fb8b8f6acdc74e9b0e283df05fca360989bddab14b8812bc340bcd08b37e862453c7c75441569853299
Static task
static1
Behavioral task
behavioral1
Sample
4f942d354bd7566e25aacd6a19f611a6354eca07a3a967ce635403af7f783195.exe
Resource
win7v20201028
Malware Config
Extracted
trickbot
1000511
lib724
5.182.211.215:443
144.91.76.208:443
185.99.2.57:443
134.119.191.38:443
195.123.238.17:443
95.171.16.42:443
85.204.116.238:443
185.234.72.242:443
178.157.82.227:443
185.90.61.9:443
45.148.120.205:443
85.204.116.241:443
5.1.81.68:443
51.81.112.191:443
23.239.84.138:443
194.5.250.180:443
194.87.93.114:443
190.214.13.2:449
181.129.104.139:449
181.112.157.42:449
181.129.134.18:449
131.161.253.190:449
121.100.19.18:449
202.29.215.114:449
171.100.142.238:449
190.136.178.52:449
45.6.16.68:449
110.232.76.39:449
122.50.6.122:449
103.12.161.194:449
36.91.45.10:449
103.227.147.82:449
96.9.77.56:449
103.5.231.188:449
110.93.15.98:449
200.171.101.169:449
-
autorunName:pwgrab
Targets
-
-
Target
4f942d354bd7566e25aacd6a19f611a6354eca07a3a967ce635403af7f783195
-
Size
332KB
-
MD5
7bd08efc09ecaf60aa0d8e9ef6980883
-
SHA1
a39464725da9b41eaf297fbedfa12fa4316bbdd5
-
SHA256
4f942d354bd7566e25aacd6a19f611a6354eca07a3a967ce635403af7f783195
-
SHA512
f0b62f1e815467fd7fe952c784b0e92e4807550b88369fb8b8f6acdc74e9b0e283df05fca360989bddab14b8812bc340bcd08b37e862453c7c75441569853299
-
Dave packer
Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.
-
Executes dropped EXE
-
Loads dropped DLL
-