Analysis
Max time kernel: 94s
Max time network: 96s
Platform: windows7_x64
Resource: win7v20201028
Submitted: 13-01-2021 00:25

Behavioral task: behavioral1
Sample: 4688b85694f1dc6cf64e4cbe54d2a3ffde339581541c76af60c45ea1d4b35f44.bin.exe
Resource: win7v20201028

General
Target: 4688b85694f1dc6cf64e4cbe54d2a3ffde339581541c76af60c45ea1d4b35f44.bin.exe
Size: 143KB
MD5: 2edc1cb60be3e26499aacd0fc020b84c
SHA1: 57166481954064f580c03e40578a6c1e1f84ca16
SHA256: 4688b85694f1dc6cf64e4cbe54d2a3ffde339581541c76af60c45ea1d4b35f44
SHA512: 47174ca93b693f4b6f3fdfc7ceaf122b1cb4b6cf6115ebc1d16e998919a2d4b0472b7e49f081e8b7ea2706c31b0e16bc62f6f0fa6a5e12b8c7ddc71ad7f6a118
Malware Config
Extracted
Family: trickbot
Version: 100010
Botnet (gtag): rob35
C2 (all on TCP/443):
5.34.180.180:443
64.74.160.228:443
198.46.198.116:443
5.34.180.185:443
107.152.46.188:443
195.123.241.214:443
23.254.224.2:443
107.172.188.113:443
200.52.147.93:443
185.198.59.45:443
45.14.226.101:443
185.82.126.38:443
85.204.116.139:443
45.155.173.248:443
103.91.244.50:443
45.230.244.20:443
45.226.124.226:443
187.84.95.6:443
186.250.157.116:443
186.137.85.76:443
36.94.62.207:443
182.253.107.34:443
180.92.158.244:443
Attributes:
autorunName: pwgrab (TrickBot's credential-stealing module, configured to load automatically)
Signatures

Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow  ioc
13    ipinfo.io

Suspicious use of AdjustPrivilegeToken (1 IoC)
description              pid   process
Token: SeDebugPrivilege  1580  4688b85694f1dc6cf64e4cbe54d2a3ffde339581541c76af60c45ea1d4b35f44.bin.exe
SeDebugPrivilege lets the process open handles to other processes regardless of their owner, which is the usual prerequisite for injecting into them.
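The following is an added example, not part of the sandbox report: it turns the IoCs above (the extracted TrickBot C2 list and the ipinfo.io lookup) into a small matcher and runs it over a few constructed firewall/proxy log lines. The key=value log format, the sample lines, and the 203.0.113.0/24 addresses are assumptions made for the example; the C2 endpoints are copied from the Malware Config section.

```python
"""Added example (not part of the sandbox report): match network telemetry
against the IoCs this report extracted, i.e. the TrickBot C2 list from the
Malware Config section and the ipinfo.io lookup from the Signatures section.
The log format and the sample log lines below are constructed for the example.
"""
import ipaddress
import re

# C2 endpoints copied verbatim from the Malware Config section above.
TRICKBOT_C2 = """
5.34.180.180:443
64.74.160.228:443
198.46.198.116:443
5.34.180.185:443
107.152.46.188:443
195.123.241.214:443
23.254.224.2:443
107.172.188.113:443
200.52.147.93:443
185.198.59.45:443
45.14.226.101:443
185.82.126.38:443
85.204.116.139:443
45.155.173.248:443
103.91.244.50:443
45.230.244.20:443
45.226.124.226:443
187.84.95.6:443
186.250.157.116:443
186.137.85.76:443
36.94.62.207:443
182.253.107.34:443
180.92.158.244:443
"""

# Domain from the "Looks up external IP address via web service" signature.
IP_LOOKUP_DOMAINS = {"ipinfo.io"}


def parse_c2(text):
    """Parse 'ip:port' lines into a set of (ip, port); ignore anything malformed."""
    endpoints = set()
    for line in text.splitlines():
        host, sep, port = line.strip().rpartition(":")
        if not sep or not port.isdigit():
            continue
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue
        endpoints.add((host, int(port)))
    return endpoints


# Assumed telemetry format (constructed): space-separated key=value pairs,
# with dst/dport for the connection and host for the TLS SNI or HTTP Host.
_KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_log_line(line):
    return dict(_KV_RE.findall(line))


def scan_flows(lines, c2=None, lookup_domains=IP_LOOKUP_DOMAINS):
    """Return [(line_no, reason, record)] for lines that hit an IoC.

    reason is one of:
      trickbot_c2         exact ip:port match against the extracted C2 list
      trickbot_c2_ip      a C2 IP on a different port (weaker signal)
      external_ip_lookup  contact with an external-IP lookup service
    """
    if c2 is None:
        c2 = parse_c2(TRICKBOT_C2)
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_log_line(line)
        dst = rec.get("dst")
        dport = rec.get("dport", "")
        host = rec.get("host", "").lower().rstrip(".")
        if dst and dport.isdigit() and (dst, int(dport)) in c2:
            hits.append((n, "trickbot_c2", rec))
        elif dst in c2_ips:
            hits.append((n, "trickbot_c2_ip", rec))
        elif host in lookup_domains:
            hits.append((n, "external_ip_lookup", rec))
    return hits


# Constructed sample lines; 203.0.113.0/24 is the TEST-NET-3 documentation range.
SAMPLE_LOGS = [
    "ts=2021-01-13T00:26:01Z src=10.0.0.5 dst=185.82.126.38 dport=443 proto=tcp",
    "ts=2021-01-13T00:26:03Z src=10.0.0.5 dst=203.0.113.10 dport=443 host=example.com",
    "ts=2021-01-13T00:26:05Z src=10.0.0.5 dst=203.0.113.20 dport=443 host=ipinfo.io",
    "ts=2021-01-13T00:26:09Z src=10.0.0.5 dst=45.14.226.101 dport=8443 proto=tcp",
    "ts=2021-01-13T00:26:12Z src=10.0.0.5 dst=5.34.180.180 dport=443 proto=tcp",
]

if __name__ == "__main__":
    for n, reason, rec in scan_flows(SAMPLE_LOGS):
        print(f"line {n}: {reason} src={rec.get('src')} dst={rec.get('dst')}:{rec.get('dport')}")
```

The exact ip:port match is the high-confidence signal; the IP-only match is kept separate because TrickBot C2 hosts are often compromised routers that also serve legitimate traffic on other ports, and an ipinfo.io hit on its own is only corroborating evidence since plenty of benign software uses the same service.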
Downloads
memory/1580-2-0x0000000000400000-0x0000000000425000-memory.dmp (148KB)
Memory dump of pid 1580 covering 0x00400000-0x00425000.