General
-
Target
4ACA899FF680343889BD9E2D616F1132.exe
-
Size
1.2MB
-
Sample
220112-pgynsacea7
-
MD5
4aca899ff680343889bd9e2d616f1132
-
SHA1
a4d7806fb256d0f7d5acd272b81387d42d5ffda6
-
SHA256
97aa05fceef261ee4ca00025a69280b8f9843ba6531a48ee543eed1f37af8c27
-
SHA512
b482f61f27c489a47c9fa999cf9378a4e3ba7e096c987f9568fb62f7c47c97fc2425d4f99ac056575e775f72cac61cbf505ac14f13e0ff9f3178d9edee69190a
Static task
static1
Behavioral task
behavioral1
Sample
4ACA899FF680343889BD9E2D616F1132.exe
Resource
win7-en-20211208
Malware Config
Extracted
trickbot
2000022
mor1
-
autorunName:pwgrab
Targets
-
-
Target
4ACA899FF680343889BD9E2D616F1132.exe
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-