General
-
Target
14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236
-
Size
838KB
-
Sample
220602-xeyj1adgbj
-
MD5
c73b681fd96c7b0d8161db0ec6f821a3
-
SHA1
f29151ef218a47c57dabfa7adc8be3879fd1f9c9
-
SHA256
14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236
-
SHA512
b1736aaa38ca59aa17a443e5b180bf1e758d18b37798e54e116e45fc6a6fd86d3575548b4288d4381f1a8606a7909b44e1581f0aacf5e81c684cf98fb38139b4
Static task
static1
Behavioral task
behavioral1
Sample
14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236.exe
Resource
win7-20220414-en
Malware Config
Extracted
trickbot
1000479
trgt98888
192.3.104.46:443
23.94.233.210:443
172.82.152.126:443
192.3.247.11:443
202.29.215.114:449
-
autorun
Control: GetSystemInfo
Name: systeminfo
Name: pwgrab
Targets
-
-
Target
14bf422be503835fe71f78ed9305e5ff47a58158533e6913e6998364bed95236
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-