General
-
Target
eda7c6be6e44c9d02c7504c9d831d279.exe
-
Size
2.2MB
-
Sample
210202-87n9msgezj
-
MD5
eda7c6be6e44c9d02c7504c9d831d279
-
SHA1
f84031d70e60e13e54a3d8f3d7f62f7ceb4d036b
-
SHA256
35bb6312112b73a106896ed09858f2380f7bed16fdccca80fa2301f6cbf9d03a
-
SHA512
61700669a24f939fe5ac503dadf43832b5bd1682250c167ce0f7cc9778a240291fb3e6b9990c56bf4c79122a531b20a57a20cd4b8f1611052598992464b1acf1
Malware Config
Extracted
trickbot
2000024
tot32
85.93.159.98:449
92.242.214.203:449
202.21.103.194:449
169.239.45.42:449
45.234.248.66:449
103.91.244.102:449
118.67.216.238:449
117.212.193.62:449
201.184.190.59:449
103.29.185.138:449
79.122.166.236:449
37.143.150.186:449
179.191.108.58:449
85.159.214.61:443
149.56.80.31:443
-
autorunName:pwgrab
Targets
-
-
Target
eda7c6be6e44c9d02c7504c9d831d279.exe
-
Size
2.2MB
-
MD5
eda7c6be6e44c9d02c7504c9d831d279
-
SHA1
f84031d70e60e13e54a3d8f3d7f62f7ceb4d036b
-
SHA256
35bb6312112b73a106896ed09858f2380f7bed16fdccca80fa2301f6cbf9d03a
-
SHA512
61700669a24f939fe5ac503dadf43832b5bd1682250c167ce0f7cc9778a240291fb3e6b9990c56bf4c79122a531b20a57a20cd4b8f1611052598992464b1acf1
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-