General
-
Target
333f975099aa98ab61a6972cd31ec5f8314c6cb1a49ece968a951ad84f494860
-
Size
355KB
-
Sample
220620-dpg58acefp
-
MD5
071b4497f6f663133e9d2c5b9fc15c6d
-
SHA1
3334452e9da9f49d07058395bede8b06bc69ba0e
-
SHA256
333f975099aa98ab61a6972cd31ec5f8314c6cb1a49ece968a951ad84f494860
-
SHA512
6f11268b4a581f215811882fbf510801bce98aba6eda56fb9d4de04fdf00dddbada92c03953e1888cfcbbf7ca2d71d11f91895977955a6c9ecd5f5b0d520fda9
Static task
static1
Behavioral task
behavioral1
Sample
333f975099aa98ab61a6972cd31ec5f8314c6cb1a49ece968a951ad84f494860.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
333f975099aa98ab61a6972cd31ec5f8314c6cb1a49ece968a951ad84f494860.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
trickbot
1000310
sat4
82.202.212.172:443
24.247.181.155:449
24.247.182.39:449
213.183.63.16:443
74.132.133.246:449
24.247.182.7:449
71.14.129.8:449
198.46.131.164:443
74.132.135.120:449
198.46.160.217:443
71.94.101.25:443
206.130.141.255:449
192.3.52.107:443
74.140.160.33:449
65.31.241.133:449
140.190.54.187:449
24.247.181.226:449
108.160.196.130:449
23.94.187.116:443
103.110.91.118:449
188.68.211.211:443
75.108.123.165:449
72.189.124.41:449
74.134.5.113:449
105.27.171.234:449
182.253.20.66:449
172.222.97.179:449
72.241.62.188:449
198.46.198.241:443
199.227.126.250:449
97.87.172.0:449
197.232.50.85:443
94.232.20.113:443
190.145.74.84:449
47.49.168.50:443
64.128.175.37:449
24.227.222.4:449
-
autorunControl:GetSystemInfoName:systeminfoName:injectDllName:pwgrab
Targets
-
-
Target
333f975099aa98ab61a6972cd31ec5f8314c6cb1a49ece968a951ad84f494860
-
Size
355KB
-
MD5
071b4497f6f663133e9d2c5b9fc15c6d
-
SHA1
3334452e9da9f49d07058395bede8b06bc69ba0e
-
SHA256
333f975099aa98ab61a6972cd31ec5f8314c6cb1a49ece968a951ad84f494860
-
SHA512
6f11268b4a581f215811882fbf510801bce98aba6eda56fb9d4de04fdf00dddbada92c03953e1888cfcbbf7ca2d71d11f91895977955a6c9ecd5f5b0d520fda9
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-