General
Target: a8860ec41711e5a40dc818afd756800b1913bfc7bd724048e0832282cb09a6ac
Size: 400KB
Sample: 210324-q29rbhyrqe
MD5: e6773f8149a687f25aadcf88f1dcbe07
SHA1: 9850cde46a97514ca56be1fbf0870744b1582c1d
SHA256: a8860ec41711e5a40dc818afd756800b1913bfc7bd724048e0832282cb09a6ac
SHA512: bfb8cef0b439f5ac16f041b7a0ba37f142a641a12bca505a948ecb1edb82d44088cfffac891ec0a830b1b953e903d0e65e4a759e3639295bbb3413703c263ee7
Static task: static1
Behavioral task: behavioral1
Sample: a8860ec41711e5a40dc818afd756800b1913bfc7bd724048e0832282cb09a6ac.dll
Resource: win7v20201028
Malware Config
Extracted
trickbot
100011
mon73
-
autorunName:pwgrab
Targets
-
Templ.dll packer
Detects Templ.dll packer which usually loads Trickbot.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-