General
Target: e05481bb599b26fe2ec4526d5f5b6cd8.exe
Size: 2.2MB
Sample: 210202-fh53dg9k3s
MD5: e05481bb599b26fe2ec4526d5f5b6cd8
SHA1: 308964545c9481c2d036d264b30a477af8fbef7e
SHA256: 428f80c67264709313cca17c2665edb3bf34bd1381d9211ccfb27a6ff5da3a89
SHA512: bbc89c8a4426490a0fca55cce65c8892797fb6d8207124311e74f7538fecfabd7023a96928ce5fe53976c74bbb7dc06e1b567c2160619f123bc4e2acfb3704d2
Tasks
Static task: static1
Behavioral task: behavioral1 (sample e05481bb599b26fe2ec4526d5f5b6cd8.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample e05481bb599b26fe2ec4526d5f5b6cd8.exe, resource win10v20201028)
Malware Config (extracted from the sample)
Family: trickbot
Version: 2000024
Botnet (gtag): tot32
C2 (ip:port; 449 is the usual TrickBot C2 port, the last two entries use 443):
85.93.159.98:449
92.242.214.203:449
202.21.103.194:449
169.239.45.42:449
45.234.248.66:449
103.91.244.102:449
118.67.216.238:449
117.212.193.62:449
201.184.190.59:449
103.29.185.138:449
79.122.166.236:449
37.143.150.186:449
179.191.108.58:449
85.159.214.61:443
149.56.80.31:443
Attr: autorunName:pwgrab (the module TrickBot is configured to auto-run here is its password grabber)
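The extracted config above is only useful once it is turned into indicators you can match and deploy. The following script is an added example, not part of the sandbox report: it parses the flat config dump (copied verbatim from this page) into a family/version/gtag record plus (ip, port) C2 pairs and key:value attributes, emits one Suricata rule per C2 endpoint, and matches the endpoints against a few constructed Zeek-style conn.log lines. The log lines, the sid range and the rule wording are assumptions for illustration; the config values are the report's own.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Config block as it appears in the report (family, version, gtag, C2 list, attributes).
CONFIG_TEXT = """\
trickbot
2000024
tot32
85.93.159.98:449
92.242.214.203:449
202.21.103.194:449
169.239.45.42:449
45.234.248.66:449
103.91.244.102:449
118.67.216.238:449
117.212.193.62:449
201.184.190.59:449
103.29.185.138:449
79.122.166.236:449
37.143.150.186:449
179.191.108.58:449
85.159.214.61:443
149.56.80.31:443
autorunName:pwgrab
"""

_C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


@dataclass
class TrickbotConfig:
    family: str
    version: str
    gtag: str
    c2: list = field(default_factory=list)      # (ip, port) pairs
    attrs: dict = field(default_factory=dict)   # e.g. {"autorunName": "pwgrab"}


def parse_config(text: str) -> TrickbotConfig:
    """Turn the flat config dump into structured indicators."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    cfg = TrickbotConfig(family=lines[0], version=lines[1], gtag=lines[2])
    for line in lines[3:]:
        m = _C2_RE.match(line)
        if m:
            ip, port = m.group(1), int(m.group(2))
            ipaddress.ip_address(ip)        # raises ValueError on malformed octets
            if not 0 < port < 65536:
                raise ValueError(f"bad port in {line!r}")
            cfg.c2.append((ip, port))
        elif ":" in line:                   # key:value attribute such as autorunName
            key, val = line.split(":", 1)
            cfg.attrs[key] = val
        else:
            raise ValueError(f"unrecognised config line {line!r}")
    return cfg


def suricata_rules(cfg: TrickbotConfig, sid_base: int = 1000001) -> list:
    """One outbound-C2 alert per (ip, port); sids start in the local-rules range (assumed)."""
    return [
        (f"alert tcp $HOME_NET any -> {ip} {port} "
         f"(msg:\"{cfg.family} {cfg.gtag} C2 {ip}:{port}\"; flow:to_server,established; "
         f"classtype:trojan-activity; sid:{sid_base + i}; rev:1;)")
        for i, (ip, port) in enumerate(cfg.c2)
    ]


# Constructed Zeek-style conn.log lines (tab separated): ts, uid, id.orig_h,
# id.orig_p, id.resp_h, id.resp_p, proto.  Not taken from the report.
CONN_LOG = "\n".join([
    "1612252800.1\tCab1\t10.0.0.7\t51002\t85.93.159.98\t449\ttcp",   # hit
    "1612252801.2\tCab2\t10.0.0.7\t51003\t85.93.159.98\t80\ttcp",    # same IP, wrong port
    "1612252802.3\tCab3\t10.0.0.9\t51004\t149.56.80.31\t443\ttcp",   # hit
    "1612252803.4\tCab4\t10.0.0.9\t51005\t93.184.216.34\t443\ttcp",  # benign
])


def match_conn_log(cfg: TrickbotConfig, log: str) -> list:
    """Return (src, dst, port) for every connection to a configured C2 endpoint."""
    c2 = set(cfg.c2)
    hits = []
    for line in log.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        dst, port = f[4], int(f[5])
        if (dst, port) in c2:
            hits.append((f[2], dst, port))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(f"{cfg.family} v{cfg.version} gtag={cfg.gtag} c2={len(cfg.c2)} attrs={cfg.attrs}")
    print("\n".join(suricata_rules(cfg)))
    for src, dst, port in match_conn_log(cfg, CONN_LOG):
        print(f"C2 contact: {src} -> {dst}:{port}")
```

Matching on the (ip, port) pair rather than the bare IP is deliberate: several of these addresses are likely compromised routers or hosting boxes that also serve legitimate traffic on other ports, so an IP-only match would raise noise without adding coverage for the C2 channel the config actually describes.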
Targets
Target: e05481bb599b26fe2ec4526d5f5b6cd8.exe (2.2MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10

Signatures
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). The sandbox's generic note for this signature is "likely ransomware behaviour"; for this sample, which the extracted config identifies as TrickBot, drive enumeration is consistent with host reconnaissance, and no file-encryption behaviour is reported.