General
-
Target
5a8282254fc150756f8fef3d823852b055be1e561d6bbcc9b55e71d1f5bb6b81
-
Size
8.0MB
-
Sample
220204-h16p6sfad6
-
MD5
ff5a0025edee17d2f5f29966af06743e
-
SHA1
dfae4d2798c805c41b6515958d1935956d2fec6a
-
SHA256
5a8282254fc150756f8fef3d823852b055be1e561d6bbcc9b55e71d1f5bb6b81
-
SHA512
eb2a742b0d697585e3d7d51c968c0064931949b5dcda368bcf3fa5e88664a511debb031327b1eaf70e80d2fddd396f90820f73f5add7562b5bc3a20b78039e0a
Static task
static1
Behavioral task
behavioral1
Sample
83516-38-0421.doc.lnk
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
83516-38-0421.doc.lnk
Resource
win10v2004-en-20220113
Malware Config
Extracted
trickbot
2000030
rob88
-
autorun
Name:pwgrabb
Name:pwgrabc
Targets
-
-
Target
83516-38-0421.doc.lnk
-
Size
806B
-
MD5
e2e45fc15aecb8462dd677ad1c57e14d
-
SHA1
b8695b4ca5d2b21fb2aca5fe26a2b69c54cf7e78
-
SHA256
e469dd1188b9b0ddc21e9d69e57ec38bd2f0bb1852943fa7926e81cd0ab15ca0
-
SHA512
6d5cd26067ca25cbfc087244b4beb2288d49b6bb2116d0bc50993b6d95dd87a20f4c320296fb95fa8f0402c650dc4045111aed490de513744a00a0631a5c8097
Score
10/10
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-