General
-
Target
3ebcab7c38a4abe88cf02e43c6e1a18fa3e38cc9a1b95869c0a6d6b78430bc32
-
Size
440KB
-
Sample
220701-f8tdpseagp
-
MD5
bcc88c48e2b3f1c09366e4412155ad7b
-
SHA1
6c86cc8c856e89edfa1990cb03b3b93853a0bac2
-
SHA256
3ebcab7c38a4abe88cf02e43c6e1a18fa3e38cc9a1b95869c0a6d6b78430bc32
-
SHA512
b3bce9ec94eeb0a5d6fb8f0efc8160e8da5526358bfbca082db5e4349cc027d8eed5f09cfe71fec737b78989af3f9943bc983c6ba00071491cde4022011e75d9
Static task
static1
Behavioral task
behavioral1
Sample
3ebcab7c38a4abe88cf02e43c6e1a18fa3e38cc9a1b95869c0a6d6b78430bc32.exe
Resource
win7-20220414-en
Malware Config
Extracted
trickbot
1000074
kas55
-
autorunControl:GetSystemInfoName:systeminfoName:injectDll
Targets
-
-
Target
3ebcab7c38a4abe88cf02e43c6e1a18fa3e38cc9a1b95869c0a6d6b78430bc32
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-