General
-
Target
ef4528f39c6005d6b7f43fbd3d01b40e03940da8640bcf1622e8d3227b8bdc7c
-
Size
448KB
-
Sample
220630-3cz8pscaek
-
MD5
8b75355e205e6789778fd5146df70677
-
SHA1
4360948fcc779f11cf5221c6b60b0f0208ee7e36
-
SHA256
ef4528f39c6005d6b7f43fbd3d01b40e03940da8640bcf1622e8d3227b8bdc7c
-
SHA512
279411907be2d86e7cb8dd577ccee2e6b8197045bc4ae388729b882f9f7d83941c105d098efcbe5aeea366d66f6ab3082b66a6b5b5deee26f3a4557f1a9f7b10
Static task
static1
Behavioral task
behavioral1
Sample
ef4528f39c6005d6b7f43fbd3d01b40e03940da8640bcf1622e8d3227b8bdc7c.exe
Resource
win7-20220414-en
Malware Config
Extracted
Family |
trickbot |
Version |
1000507 |
Botnet |
ono38 |
C2 |
51.89.115.112:443 185.141.27.225:443 151.80.212.114:443 5.182.210.178:443 188.119.113.60:443 91.235.129.199:443 185.234.72.193:443 194.5.250.200:443 185.14.29.141:443 185.99.2.197:443 185.234.72.50:443 194.5.250.201:443 108.170.61.186:443 217.12.209.159:443 185.99.2.44:443 51.89.115.108:443 164.68.120.58:443 164.132.255.19:443 148.251.185.164:443 94.250.250.69:443 94.250.249.170:443 195.123.237.105:443 190.214.13.2:449 181.129.104.139:449 181.112.157.42:449 181.129.134.18:449 131.161.253.190:449 121.100.19.18:449 202.29.215.114:449 171.100.142.238:449 190.136.178.52:449 45.6.16.68:449 110.232.76.39:449 122.50.6.122:449 103.12.161.194:449 36.91.45.10:449 103.227.147.82:449 96.9.77.56:449 103.5.231.188:449 110.93.15.98:449 200.171.101.169:449 |
Attributes |
autorun Name:pwgrab |
ecc_pubkey.base64 |
|
Targets
-
-
Target
ef4528f39c6005d6b7f43fbd3d01b40e03940da8640bcf1622e8d3227b8bdc7c
-
Size
448KB
-
MD5
8b75355e205e6789778fd5146df70677
-
SHA1
4360948fcc779f11cf5221c6b60b0f0208ee7e36
-
SHA256
ef4528f39c6005d6b7f43fbd3d01b40e03940da8640bcf1622e8d3227b8bdc7c
-
SHA512
279411907be2d86e7cb8dd577ccee2e6b8197045bc4ae388729b882f9f7d83941c105d098efcbe5aeea366d66f6ab3082b66a6b5b5deee26f3a4557f1a9f7b10
-
Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation