General
Target
126119655bf88be629e8cb7af17b74ed7316557a170e43bb518ce3072d1b6aef
Size
600KB
Sample
201115-wakft648gn
MD5
842590a5c639634c2ab40919616fb7f0
SHA1
b36cb812850b41394bb50172faddb44ade00fcdf
SHA256
126119655bf88be629e8cb7af17b74ed7316557a170e43bb518ce3072d1b6aef
SHA512
a3a75692a5d97bb9f5181e2376cd1b08ca1053ca1b904496632b970df286ad11af2a540d1ac30c0c2a558b95d79e3fc2eaaa0844448dcad038bc555a1cbde9a9
Static task
static1
Behavioral task
behavioral1
Sample
126119655bf88be629e8cb7af17b74ed7316557a170e43bb518ce3072d1b6aef.exe
Resource
win7v20201028
Malware Config
Extracted
trickbot
2000016
lib7
autorunName:pwgrab
Targets
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.