General
Target: trick.dll
Size: 272KB
Sample: 201123-ypblgj22k2
MD5: 5f7b5a98f75f4aa550e4368eb6dc9733
SHA1: d835a309e249f5d526529b9a28ed138b1bcfd40b
SHA256: c2c3bb003eb76cc5f1a9e2bc938c4254f4c4c3b2cc017e9a39d00a88f7ab181a
SHA512: 167e5e1af1c82b9379d4a275f77b373969c0655d0b4f6ea32942d70f18b1147e65ef525e8f8f2d3d27c0ebf914785ce7b15e7808c3ca1700983bbc9eb318ebac

Static task: static1

Behavioral task: behavioral1
Sample: trick.dll
Resource: win7v20201028
Malware Config
Extracted
trickbot
100003
rob7
-
autorunName:pwgrab
Targets
-
Blacklisted process makes network request
-
Dave packer
Detects an executable packed with a packer the community has named 'Dave', identified by a string at the end of the file.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies service
-