General
-
Target
file5.pellet
-
Size
369KB
-
Sample
201124-bmlpy7t716
-
MD5
9ec3a085d785f3d8091fa3435a1b9584
-
SHA1
1605367d4b3157f29679cd7c045d8a6df2db5c5d
-
SHA256
843fae67108c2580a4590e41d5986191a71fb959959e1b1d40cfab672e15cab6
-
SHA512
de63061d70d284acf33123fb5b2ba87ba61f9af9192f0534b497f22df1083f167b62f83616b0fd83bbf9f4cf871ea215b82324d23567af097bbf573049be0aca
Malware Config
Extracted
trickbot
1000296
sat97
185.222.202.113:443
24.247.181.155:449
174.105.235.178:449
185.111.74.246:443
181.113.17.230:449
174.105.233.82:449
66.60.121.58:449
207.140.14.141:443
42.115.91.177:443
198.12.108.171:443
71.94.101.25:443
206.130.141.255:449
198.46.161.244:443
74.140.160.33:449
65.31.241.133:449
140.190.54.187:449
66.38.80.188:449
24.119.69.70:449
192.3.130.29:443
103.110.91.118:449
-
autorunControl:GetSystemInfoName:systeminfoName:injectDllName:pwgrab
Targets
-
-
Target
file5.pellet
-
Size
369KB
-
MD5
9ec3a085d785f3d8091fa3435a1b9584
-
SHA1
1605367d4b3157f29679cd7c045d8a6df2db5c5d
-
SHA256
843fae67108c2580a4590e41d5986191a71fb959959e1b1d40cfab672e15cab6
-
SHA512
de63061d70d284acf33123fb5b2ba87ba61f9af9192f0534b497f22df1083f167b62f83616b0fd83bbf9f4cf871ea215b82324d23567af097bbf573049be0aca
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-