General
-
Target
02db3c6b9aff73bf8a11c41107c836b6c800c919c5d3d1304f336aee03f79f4c
-
Size
456KB
-
Sample
220625-dkawcabfdl
-
MD5
c74656862b16f81d02c109030260245b
-
SHA1
53b97a9f6b4894d99386a42ab7196d83b719e012
-
SHA256
02db3c6b9aff73bf8a11c41107c836b6c800c919c5d3d1304f336aee03f79f4c
-
SHA512
ca9283c703e2bbbe2ef6a5291d8460663750a9bb9df41eeecc3bb6fef78db0a0b9a529a68c9b0ccbf288389bc9a42a4f654df4d3e2487bbdd7235ba285123c72
Static task
static1
Behavioral task
behavioral1
Sample
02db3c6b9aff73bf8a11c41107c836b6c800c919c5d3d1304f336aee03f79f4c.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
02db3c6b9aff73bf8a11c41107c836b6c800c919c5d3d1304f336aee03f79f4c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
trickbot
1000502
yas20
5.182.210.226:443
5.182.210.120:443
146.185.253.161:443
194.5.250.136:443
217.12.209.199:443
185.99.2.220:443
192.210.226.106:443
51.254.164.244:443
45.148.120.153:443
5.255.96.119:443
45.142.213.70:443
203.23.128.148:443
195.2.93.50:443
45.93.4.134:443
185.141.27.238:443
93.189.42.66:443
91.235.129.144:443
82.148.16.5:443
190.214.13.2:449
181.140.173.186:449
181.129.104.139:449
181.113.28.146:449
181.112.157.42:449
170.84.78.224:449
200.21.51.38:449
46.174.235.36:449
36.89.85.103:449
181.129.134.18:449
186.71.150.23:449
131.161.253.190:449
200.127.121.99:449
114.8.133.71:449
119.252.165.75:449
121.100.19.18:449
202.29.215.114:449
180.180.216.177:449
171.100.142.238:449
186.232.91.240:449
181.196.207.202:449
-
autorunName:pwgrab
Targets
-
-
Target
02db3c6b9aff73bf8a11c41107c836b6c800c919c5d3d1304f336aee03f79f4c
-
Size
456KB
-
MD5
c74656862b16f81d02c109030260245b
-
SHA1
53b97a9f6b4894d99386a42ab7196d83b719e012
-
SHA256
02db3c6b9aff73bf8a11c41107c836b6c800c919c5d3d1304f336aee03f79f4c
-
SHA512
ca9283c703e2bbbe2ef6a5291d8460663750a9bb9df41eeecc3bb6fef78db0a0b9a529a68c9b0ccbf288389bc9a42a4f654df4d3e2487bbdd7235ba285123c72
-
Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
-
Executes dropped EXE
-
Loads dropped DLL
-