General
Target: 5618890544807936.zip
Size: 275KB
Sample: 210201-e7sr8alcz2
MD5: 453d814b297202a01e84b1e260889b71
SHA1: 6e6d7149a361fa80451af628b855e972acd8fb13
SHA256: 22fe4895341fb68bde7c94503e40af50ff764ac4697bbc86964140556e360baf
SHA512: 8813d1f26a713485d2ff77c21bd81a228aecebcd18a4241f9dddad78b07eda02442d62385cb5e4670f81cfb82d948cd90cf2db1d1887988713ff772a981b4df5
Static task: static1
Behavioral task: behavioral1
Sample: 8d6f00e5fd9873adbb197131fe6e6eec178ee9ade06f8aa5d3a9fc7cb42771ee.dll
Resource: win7v20201028
Malware Config
Extracted
trickbot
100010
rob44
autorunName:pwgrab
Targets
Target: 8d6f00e5fd9873adbb197131fe6e6eec178ee9ade06f8aa5d3a9fc7cb42771ee
Size: 358KB
MD5: e079b373bb72a2639c2fe1c2b61e9e71
SHA1: 00e2d85bfc59b24855f53388a4d0fe6324bfdf31
SHA256: 8d6f00e5fd9873adbb197131fe6e6eec178ee9ade06f8aa5d3a9fc7cb42771ee
SHA512: ca469c4e6fc025ec84b30a9177240c92472da98198197480e5a5c631c7ba9228ba0970192d6a51e4dcca86cb3841dd813f3020c01bab8e9aa68a8c4517792110
Templ.dll packer
Detects Templ.dll packer which usually loads Trickbot.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.