General
-
Target
872b1aa30dd2bda76797fa9d88baece5e3ee5d8d66baaa874784b62abbd4aad1
-
Size
496KB
-
Sample
220701-dtnhssbfe7
-
MD5
6a9c8a91106110707e8e155ce3364328
-
SHA1
3a7542fe4109aef138b2adf9fa8086fac385b8e1
-
SHA256
872b1aa30dd2bda76797fa9d88baece5e3ee5d8d66baaa874784b62abbd4aad1
-
SHA512
eb077aa248cc263483ce1c7487396af2149e5ba06c34ee35f502aa9c4bf8a7f20d6bdea1a028276b5072c116be2b384198844aaa86e28f427898e7043a8bb8bf
Static task
static1
Behavioral task
behavioral1
Sample
872b1aa30dd2bda76797fa9d88baece5e3ee5d8d66baaa874784b62abbd4aad1.exe
Resource
win7-20220414-en
Malware Config
Extracted
trickbot
1000500
wmd41
5.182.210.226:443
185.62.188.10:443
185.252.144.190:443
92.223.93.153:443
51.89.115.99:443
89.32.41.126:443
5.255.96.153:443
94.156.35.216:443
80.87.195.21:443
5.34.176.184:443
62.109.1.7:443
212.80.216.181:443
5.182.210.120:443
194.5.250.166:443
185.14.30.209:443
51.89.115.103:443
85.204.116.179:443
194.5.250.168:443
190.214.13.2:449
181.140.173.186:449
181.129.104.139:449
181.113.28.146:449
181.112.157.42:449
170.84.78.224:449
200.21.51.38:449
46.174.235.36:449
36.89.85.103:449
181.129.134.18:449
186.71.150.23:449
131.161.253.190:449
200.127.121.99:449
114.8.133.71:449
119.252.165.75:449
121.100.19.18:449
202.29.215.114:449
180.180.216.177:449
171.100.142.238:449
186.232.91.240:449
181.196.207.202:449
-
autorunName:pwgrab
Targets
-
-
Target
872b1aa30dd2bda76797fa9d88baece5e3ee5d8d66baaa874784b62abbd4aad1
-
Size
496KB
-
MD5
6a9c8a91106110707e8e155ce3364328
-
SHA1
3a7542fe4109aef138b2adf9fa8086fac385b8e1
-
SHA256
872b1aa30dd2bda76797fa9d88baece5e3ee5d8d66baaa874784b62abbd4aad1
-
SHA512
eb077aa248cc263483ce1c7487396af2149e5ba06c34ee35f502aa9c4bf8a7f20d6bdea1a028276b5072c116be2b384198844aaa86e28f427898e7043a8bb8bf
-
Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-