General
-
Target
dop12
-
Size
424KB
-
Sample
210915-s7gdzaeaan
-
MD5
31abfa41fa7ee1a3f49f53017e241312
-
SHA1
5a941a881d2cdadf2463555185a8ef1632b38b2a
-
SHA256
8257670ce02db5845c976e2793008242119c3414a772b369f3fa63da3201adce
-
SHA512
7dc46bb0f0af8a3584f8a0b3fd4e3504b53dae5ce317b3f8a2f54da0deac3cb95022b1b83075dec72bd3bfea0ae87d46d807d3ba5a8d06f2f1bdd497b0de50bd
Static task
static1
Behavioral task
behavioral1
Sample
dop12.dll
Resource
win7-en
Malware Config
Extracted
trickbot
2000034
zem1
-
autorun
Name:pwgrabb
Name:pwgrabc
Targets
-
-
Target
dop12
-
Size
424KB
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-