General
-
Target
7f6950ade2e54fec60c62d9443ee5527cdadf2b1aca3d86acadee2773dad97c8
-
Size
324KB
-
Sample
220701-dt1hcshhar
-
MD5
b2dc507828839a7be9480788f3070f22
-
SHA1
006e3c0e7edb3e46706c84bef04e5bc3dbe63c85
-
SHA256
7f6950ade2e54fec60c62d9443ee5527cdadf2b1aca3d86acadee2773dad97c8
-
SHA512
b14a9ce30bbad42e9ba048cba2e290cc6d50356694b9c1a92bb245469652a43b6e29ece76cfe403dd34b28bf1fe0548722c2df765842d11bd656a220407650fb
Static task
static1
Behavioral task
behavioral1
Sample
7f6950ade2e54fec60c62d9443ee5527cdadf2b1aca3d86acadee2773dad97c8.exe
Resource
win7-20220414-en
Malware Config
Extracted
trickbot
1000491
red2
23.94.70.12:443
5.182.210.132:443
5.2.75.137:443
172.82.152.136:443
198.23.252.117:443
194.5.250.62:443
185.14.30.176:443
195.123.245.127:443
195.54.162.179:443
184.164.137.190:443
198.46.161.213:443
64.44.51.106:443
107.172.251.159:443
85.143.220.41:443
107.172.29.108:443
107.172.208.51:443
107.181.187.221:443
190.214.13.2:449
181.140.173.186:449
181.129.104.139:449
181.113.28.146:449
181.112.157.42:449
170.84.78.224:449
200.21.51.38:449
46.174.235.36:449
36.89.85.103:449
181.129.134.18:449
186.71.150.23:449
131.161.253.190:449
200.127.121.99:449
114.8.133.71:449
119.252.165.75:449
121.100.19.18:449
202.29.215.114:449
180.180.216.177:449
171.100.142.238:449
186.232.91.240:449
181.196.207.202:449
-
autorunName:pwgrab
Targets
-
-
Target
7f6950ade2e54fec60c62d9443ee5527cdadf2b1aca3d86acadee2773dad97c8
-
Size
324KB
-
MD5
b2dc507828839a7be9480788f3070f22
-
SHA1
006e3c0e7edb3e46706c84bef04e5bc3dbe63c85
-
SHA256
7f6950ade2e54fec60c62d9443ee5527cdadf2b1aca3d86acadee2773dad97c8
-
SHA512
b14a9ce30bbad42e9ba048cba2e290cc6d50356694b9c1a92bb245469652a43b6e29ece76cfe403dd34b28bf1fe0548722c2df765842d11bd656a220407650fb
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-