Analysis
-
max time kernel
30s -
max time network
30s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
17-02-2022 16:35
General
-
Target
52da51085e5c6d650abf866b1268ccd81d6c0b2c424e12807dc0ac176ac8c929.exe
-
Size
660KB
-
MD5
3ba7d3dbc17ce640e0bb3dd5f989169b
-
SHA1
84ee0b6e02339f1deb33d75693551db444923ba8
-
SHA256
52da51085e5c6d650abf866b1268ccd81d6c0b2c424e12807dc0ac176ac8c929
-
SHA512
3a683b35dc6b6c17de5a21171625c3fb5259d60c73867aa81b89cedeef61f1b95cce099cc5bb4fdeb2ddf7f2f0236c6d877970768a7f91330ecfbbc38931a231
Score
10/10
Malware Config
Extracted
Family
trickbot
Version
100001
Botnet
tar2
C2
66.85.183.5:443
185.163.47.157:443
94.140.115.99:443
195.123.240.40:443
195.123.241.226:443
Attributes
-
autorunName:pwgrab
ecc_pubkey.base64
Signatures
-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\52da51085e5c6d650abf866b1268ccd81d6c0b2c424e12807dc0ac176ac8c929.exe"C:\Users\Admin\AppData\Local\Temp\52da51085e5c6d650abf866b1268ccd81d6c0b2c424e12807dc0ac176ac8c929.exe"1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1724-115-0x0000000002300000-0x000000000233E000-memory.dmpFilesize
248KB
-
memory/1724-118-0x0000000002340000-0x000000000237A000-memory.dmpFilesize
232KB
-
memory/1724-119-0x00000000022B0000-0x00000000022EC000-memory.dmpFilesize
240KB
-
memory/1724-120-0x0000000002341000-0x000000000237A000-memory.dmpFilesize
228KB