General
-
Target
rwysfwueyp.exe
-
Size
1.2MB
-
Sample
210121-x4ncp6qbba
-
MD5
add4d58d5bd00250c2203653129fb71b
-
SHA1
a74fea06c8e67447176f7a508899ba546316f77c
-
SHA256
1a5d1d3d58f829e1447df95583770da8106382f32ebced394eccda36a921bdf5
-
SHA512
229f5ef900bca3505a9e95e55305006c33dca9c421d4fbe7d403a40c6eee780fa13d5fd87402243ddd2aa1f9a7f1a76bd0cf6f8d8973ce4ca4063da620c29ca5
Malware Config
Extracted
trickbot
2000022
mor1
85.204.116.83:443
91.200.100.143:443
83.151.14.13:443
107.191.61.39:443
113.160.129.15:443
139.162.182.54:443
139.162.44.152:443
144.202.106.23:443
158.247.219.186:443
172.105.107.25:443
172.105.190.51:443
172.105.196.53:443
172.105.25.190:443
178.79.138.253:443
192.46.229.48:443
207.246.92.48:443
216.128.130.16:443
45.79.126.97:443
45.79.155.9:443
45.79.212.97:443
-
autorunName:pwgrab
Targets
-
-
Target
rwysfwueyp.exe
-
Size
1.2MB
-
MD5
add4d58d5bd00250c2203653129fb71b
-
SHA1
a74fea06c8e67447176f7a508899ba546316f77c
-
SHA256
1a5d1d3d58f829e1447df95583770da8106382f32ebced394eccda36a921bdf5
-
SHA512
229f5ef900bca3505a9e95e55305006c33dca9c421d4fbe7d403a40c6eee780fa13d5fd87402243ddd2aa1f9a7f1a76bd0cf6f8d8973ce4ca4063da620c29ca5
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-