General
-
Target
01b6ab63f7078d952ed1a18850ac202bc201aa6210592c108a2e0a4d16f06fc5
-
Size
432KB
-
Sample
210324-k7gzbg9m4a
-
MD5
6a653a2eb2417619f4cf1f4e0132b39f
-
SHA1
bce93fda262914a83ef7590eab8908a97f9cbd09
-
SHA256
01b6ab63f7078d952ed1a18850ac202bc201aa6210592c108a2e0a4d16f06fc5
-
SHA512
eb4d9d8e702cb0cf0162e160b7bb5661ea5fd0faf58845477172051a2049cc4fe9984fdcea25b916515e55fa773d7e31ed45a4b76b5af7a974120c631f8bcf1e
Static task
static1
Behavioral task
behavioral1
Sample
01b6ab63f7078d952ed1a18850ac202bc201aa6210592c108a2e0a4d16f06fc5.dll
Resource
win7v20201028
Malware Config
Extracted
trickbot
2000027
rob35
-
autorunName:pwgrab
Targets
-
Templ.dll packer
Detects Templ.dll packer which usually loads Trickbot.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-