General
-
Target
superts.dll
-
Size
415KB
-
Sample
210126-3dwztyyhn2
-
MD5
71d7040364ab0d4a514506b6d06b3b9c
-
SHA1
96901f457beba35e820983730150f2ad0dd603f5
-
SHA256
703b0b0e263ba5c02e94598941cdbef5e44fe6e0c544a4943a2ead352c95ef9a
-
SHA512
60045768f7cf9db3f0ec4c452ec4576b813c50c81f1820f30d37781de81bf01b288cbd4e44c340340624285df7fea2bdd0c86ed7842f9ee2fb55b71bb305c75f
Static task
static1
Behavioral task
behavioral1
Sample
superts.dll
Resource
win10v20201028
Malware Config
Extracted
trickbot
2000023
rob2
107.191.61.39:443
139.162.44.152:443
144.202.106.23:443
158.247.219.186:443
172.105.107.25:443
172.105.190.51:443
172.105.196.53:443
172.105.25.190:443
178.79.138.253:443
192.46.229.48:443
216.128.130.16:443
45.79.126.97:443
45.79.212.97:443
45.79.90.143:443
66.42.113.16:443
85.159.214.61:443
94.140.114.188:443
172.83.155.154:443
149.56.80.31:443
46.105.84.141:443
192.210.198.6:443
51.77.124.137:443
45.89.127.70:443
185.163.47.193:443
94.140.115.34:443
78.138.98.137:443
45.86.74.111:443
-
autorunName:pwgrab
Targets
-
-
Target
superts.dll
-
Size
415KB
-
MD5
71d7040364ab0d4a514506b6d06b3b9c
-
SHA1
96901f457beba35e820983730150f2ad0dd603f5
-
SHA256
703b0b0e263ba5c02e94598941cdbef5e44fe6e0c544a4943a2ead352c95ef9a
-
SHA512
60045768f7cf9db3f0ec4c452ec4576b813c50c81f1820f30d37781de81bf01b288cbd4e44c340340624285df7fea2bdd0c86ed7842f9ee2fb55b71bb305c75f
-
Templ.dll packer
Detects Templ.dll packer which usually loads Trickbot.
-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-