General
-
Target
click.php.dll
-
Size
439KB
-
Sample
210504-vy6bjrf15e
-
MD5
cbea511bd35f247e4b4bf7cc5a3a7cbd
-
SHA1
8c0d352934271350cfe6c00b7587e8dc8d062817
-
SHA256
0ae86e5abbc09e96f8c1155556ca6598c22aebd73acbba8d59f2ce702d3115f8
-
SHA512
aec894d9d3aaccccc029c615d283af4946c5150372db0ecdd616a9d491478759068214bf03db11631a5efb59951150d92c1517c2c11d8c6f0ddf5c8f76734fcf
Static task
static1
Behavioral task
behavioral1
Sample
click.php.dll
Resource
win7v20210408
Malware Config
Extracted
trickbot
2000028
rob52
89.250.208.42:449
182.253.184.130:449
31.211.85.110:443
85.112.74.178:449
102.68.17.97:443
103.76.150.14:443
96.9.77.142:443
91.185.236.170:449
87.76.1.81:449
91.225.231.120:443
62.213.14.166:443
81.95.45.234:449
148.216.32.55:443
109.185.139.90:449
202.166.211.197:443
196.41.57.46:449
84.21.206.164:449
190.122.168.219:443
77.95.93.132:449
41.77.134.250:443
87.116.151.237:449
185.205.250.162:443
103.9.188.23:449
78.138.187.231:443
138.185.72.142:443
173.81.4.147:443
31.134.124.90:443
200.90.11.177:449
5.59.205.32:443
-
autorunName:pwgrab
Targets
-
-
Target
click.php.dll
-
Size
439KB
-
MD5
cbea511bd35f247e4b4bf7cc5a3a7cbd
-
SHA1
8c0d352934271350cfe6c00b7587e8dc8d062817
-
SHA256
0ae86e5abbc09e96f8c1155556ca6598c22aebd73acbba8d59f2ce702d3115f8
-
SHA512
aec894d9d3aaccccc029c615d283af4946c5150372db0ecdd616a9d491478759068214bf03db11631a5efb59951150d92c1517c2c11d8c6f0ddf5c8f76734fcf
-
Templ.dll packer
Detects Templ.dll packer which usually loads Trickbot.
-