General
Target: 36e3ca4947f1a83aa59247ff120d09d3746e69795c759d6e02bd7a9b3fe967d5
Size: 221KB
Sample: 220626-bhd4wabcbr
MD5: edccfe5ef48de6b0f3bbf53cc1012533
SHA1: 9eb4232a55276936ff822c27996d70e7597550be
SHA256: 36e3ca4947f1a83aa59247ff120d09d3746e69795c759d6e02bd7a9b3fe967d5
SHA512: 41cbc62c5469c761f5bbf6b9ecffd4465c3fbe8ce562369a2a176d2e15fee4755ce6b244fb49a834e69906375347aca9519dac0f921afbd1d3c278d22eeba3d1
Static task: static1
Behavioral task: behavioral1
Sample: 36e3ca4947f1a83aa59247ff120d09d3746e69795c759d6e02bd7a9b3fe967d5.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 36e3ca4947f1a83aa59247ff120d09d3746e69795c759d6e02bd7a9b3fe967d5.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
trickbot
1000198
ser0524
autorun
Control: GetSystemInfo, Name: systeminfo
Name: injectDll
Targets
Score: 10/10
- Trickbot x86 loader: Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext