General
-
Target
2baf66b83d6cd0b52e3dae66c42a0a3a3c279319c68b77e02141a2c355698409
-
Size
388KB
-
Sample
220204-yysnjaehd6
-
MD5
3eddc2760b59562058025f42bc60fc32
-
SHA1
bca09f230f9457d6ed5d5325854df1824d4375f7
-
SHA256
2baf66b83d6cd0b52e3dae66c42a0a3a3c279319c68b77e02141a2c355698409
-
SHA512
5d83ce9b8fbfc894a533542b66cecbb7343c3df44d656156fecce246b013cd55ca359238f67b8e3a364865b605b24d65169109f3afaf37bee14a5bc6152dc316
Static task
static1
Behavioral task
behavioral1
Sample
2baf66b83d6cd0b52e3dae66c42a0a3a3c279319c68b77e02141a2c355698409.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
2baf66b83d6cd0b52e3dae66c42a0a3a3c279319c68b77e02141a2c355698409.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
trickbot
1000487
mor56
146.185.253.174:443
146.185.219.50:443
51.89.73.144:443
5.182.210.30:443
146.185.253.107:443
94.156.35.206:443
103.75.117.188:443
172.245.159.121:443
188.165.62.47:443
167.86.123.83:443
107.172.235.24:443
85.204.116.154:443
5.2.72.102:443
146.185.253.175:443
107.181.187.221:443
45.141.100.190:443
162.247.155.113:443
103.219.213.102:449
117.255.221.135:449
189.28.185.50:449
177.105.242.229:449
190.214.13.2:449
181.140.173.186:449
181.129.104.139:449
190.142.200.108:449
181.196.207.202:449
181.113.28.146:449
181.112.157.42:449
170.84.78.224:449
117.196.233.79:449
103.196.211.212:449
178.183.150.169:449
81.190.160.139:449
200.21.51.38:449
46.174.235.36:449
36.89.85.103:449
190.72.235.47:449
181.129.134.18:449
103.255.10.24:449
31.214.138.207:449
190.13.160.19:449
186.71.150.23:449
131.161.253.190:449
200.127.121.99:449
-
autorunName:pwgrab
Targets
-
-
Target
2baf66b83d6cd0b52e3dae66c42a0a3a3c279319c68b77e02141a2c355698409
-
Size
388KB
-
MD5
3eddc2760b59562058025f42bc60fc32
-
SHA1
bca09f230f9457d6ed5d5325854df1824d4375f7
-
SHA256
2baf66b83d6cd0b52e3dae66c42a0a3a3c279319c68b77e02141a2c355698409
-
SHA512
5d83ce9b8fbfc894a533542b66cecbb7343c3df44d656156fecce246b013cd55ca359238f67b8e3a364865b605b24d65169109f3afaf37bee14a5bc6152dc316
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Sets service image path in registry
-