General
-
Target
mon27.dll
-
Size
330KB
-
Sample
201223-1serqgjcmn
-
MD5
870629b1f82af39abfcff099a02909a3
-
SHA1
cc1437651e0f6b4a881d61539e7ae84551853e03
-
SHA256
376dc2baf8297415c4d105796fd6bbd3316b7eb7748212ace3493e37ac17454f
-
SHA512
22fdfaa6ca256d980063ad199f30036504375d84cd12e5f35436b49c64ca6ea4b686ac85975cfbae53cfe4212e32781642039b6716666b3495cbb1d68487dfb4
Static task
static1
Behavioral task
behavioral1
Sample
mon27.dll
Resource
win7v20201028
Malware Config
Extracted
trickbot
100007
mon27
41.243.29.182:449
196.45.140.146:449
103.87.25.220:443
103.98.129.222:449
103.87.25.220:449
103.65.196.44:449
103.65.195.95:449
103.61.101.11:449
103.61.100.131:449
103.150.68.124:449
103.137.81.206:449
103.126.185.7:449
103.112.145.58:449
103.110.53.174:449
102.164.208.48:449
102.164.208.44:449
-
autorunName:pwgrab
Targets
-
-
Target
mon27.dll
-
Size
330KB
-
MD5
870629b1f82af39abfcff099a02909a3
-
SHA1
cc1437651e0f6b4a881d61539e7ae84551853e03
-
SHA256
376dc2baf8297415c4d105796fd6bbd3316b7eb7748212ace3493e37ac17454f
-
SHA512
22fdfaa6ca256d980063ad199f30036504375d84cd12e5f35436b49c64ca6ea4b686ac85975cfbae53cfe4212e32781642039b6716666b3495cbb1d68487dfb4
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Templ.dll packer
Detects Templ.dll packer which usually loads Trickbot.
-
Dave packer
Detects executable packed with a packer named 'Dave' from the community, due to a string at the end of it.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-