General
-
Target
Zoomfile.exe
-
Size
490KB
-
Sample
210920-tj9w2shcbm
-
MD5
c2d307861ad9943473ce9dc8e66690ee
-
SHA1
d263626d911c7a3224fbe27d8c0ddb7484e8d1f8
-
SHA256
83f374f57d674ac1abf87f968ba37237e5403bcae01ded47b7a912c4c5a58163
-
SHA512
23acac75862fffa8120bd37030516520d96397e084a3b57555f92d187626b1991b854672034f880afca1847e090203ae89c16ec980b7518791ad2bbd267ae6c4
Static task
static1
Behavioral task
behavioral1
Sample
Zoomfile.exe
Resource
win7v20210408
Malware Config
Extracted
trickbot
100019
rob132
-
autorun
Name:pwgrabb
Name:pwgrabc
Targets
-
-
Target
Zoomfile.exe
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-