General
-
Target
4b535dbe595f89c3bcaa4f43cc1323a3.virus
-
Size
133KB
-
Sample
211112-wmz75aahhk
-
MD5
4b535dbe595f89c3bcaa4f43cc1323a3
-
SHA1
4162c873be81f5aac6ca0a1ed7f84bfe86ec4262
-
SHA256
e98ca956f4f94b5c8b063327a1fe27fb804bc2e52190a68c577490c3192ae663
-
SHA512
1959b757094e83d24041f3c8e1f993e0df428d87f54a3e8e8dfb0b76922a39027cfc1f1203a91c4c36836c81de94cb870aea33ae8ae4bf8864e93374934ea66d
Behavioral task
behavioral1
Sample
4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
4b535dbe595f89c3bcaa4f43cc1323a3.virus.exe
Resource
win10-en-20211104
Malware Config
Extracted
trickbot
100019
soc1
-
autorun
Name:pwgrabb
Name:pwgrabc
Targets
-
-
Target
4b535dbe595f89c3bcaa4f43cc1323a3.virus
Score
10/10
-
suricata: ET MALWARE Win32/TrickBot CnC Initial Checkin M2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-