General
-
Target
df8de65b3cce5e60de0564665a4c27283b70226e3341c455c10f0df7712413b3
-
Size
516KB
-
Sample
220701-e49dpacbbr
-
MD5
e18c9d414140f2cde7ae1151489f65b6
-
SHA1
79ed070d71ab2bf5ef7a669a328624e4e5c898b5
-
SHA256
df8de65b3cce5e60de0564665a4c27283b70226e3341c455c10f0df7712413b3
-
SHA512
78fd08a6b2e3b9d9adb74a947225d3d49bc91bdc713a20dadf19f658eb985a39b8699d68844e46f5d72907edca95dbc05cf347ed7cf86f32720a280475c7a4e2
Static task
static1
Behavioral task
behavioral1
Sample
df8de65b3cce5e60de0564665a4c27283b70226e3341c455c10f0df7712413b3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
df8de65b3cce5e60de0564665a4c27283b70226e3341c455c10f0df7712413b3.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
trickbot
1000293
lib346
51.68.170.58:443
68.3.14.71:443
174.105.235.178:449
195.54.162.247:443
181.113.17.230:449
174.105.233.82:449
66.60.121.58:449
207.140.14.141:443
42.115.91.177:443
5.189.224.254:443
71.94.101.25:443
206.130.141.255:449
74.140.160.33:449
65.31.241.133:449
140.190.54.187:449
75.102.135.23:449
24.119.69.70:449
85.143.223.51:443
103.110.91.118:449
68.4.173.10:443
72.189.124.41:449
103.111.53.126:449
105.27.171.234:449
182.253.20.66:449
199.182.59.42:449
71.193.151.218:443
46.149.182.112:449
82.146.56.24:443
199.227.126.250:449
24.113.161.184:449
197.232.50.85:443
94.232.20.113:443
190.145.74.84:449
47.49.168.50:443
73.67.78.5:449
67.49.38.139:443
-
autorunControl:GetSystemInfoName:systeminfoName:injectDllName:pwgrab
Targets
-
-
Target
df8de65b3cce5e60de0564665a4c27283b70226e3341c455c10f0df7712413b3
-
Size
516KB
-
MD5
e18c9d414140f2cde7ae1151489f65b6
-
SHA1
79ed070d71ab2bf5ef7a669a328624e4e5c898b5
-
SHA256
df8de65b3cce5e60de0564665a4c27283b70226e3341c455c10f0df7712413b3
-
SHA512
78fd08a6b2e3b9d9adb74a947225d3d49bc91bdc713a20dadf19f658eb985a39b8699d68844e46f5d72907edca95dbc05cf347ed7cf86f32720a280475c7a4e2
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-