General
-
Target
ceeb48e3c2b1e0ccc5fc6b5168797e945c5a8ecc037c147607e8b4a2b3bb426b
-
Size
728KB
-
Sample
220701-ffqr4sedh5
-
MD5
ffef98580ded08a36ffac93f8686d997
-
SHA1
d19db2dc9a16cf8ed8a315c779fc2fbe26aa3468
-
SHA256
ceeb48e3c2b1e0ccc5fc6b5168797e945c5a8ecc037c147607e8b4a2b3bb426b
-
SHA512
4d1da965c08275f3eebf661c91038fce9e6bc190ce9ce4063a727f924782c6871beed503c68faf447d0863f6e356178fae0aa1b72af20f4044f740c8f536faee
Static task
static1
Behavioral task
behavioral1
Sample
ceeb48e3c2b1e0ccc5fc6b5168797e945c5a8ecc037c147607e8b4a2b3bb426b.exe
Resource
win7-20220414-en
Malware Config
Extracted
trickbot
1000493
lib641
195.123.220.178:443
198.23.209.201:443
188.165.62.34:443
164.68.120.60:443
146.185.253.191:443
185.213.20.246:443
45.137.151.198:443
185.141.27.190:443
51.89.115.124:443
188.120.254.68:443
78.24.223.88:443
185.177.59.163:443
5.182.210.109:443
5.2.70.145:443
172.82.152.11:443
190.214.13.2:449
181.140.173.186:449
181.129.104.139:449
181.113.28.146:449
181.112.157.42:449
170.84.78.224:449
200.21.51.38:449
46.174.235.36:449
36.89.85.103:449
181.129.134.18:449
186.71.150.23:449
131.161.253.190:449
200.127.121.99:449
114.8.133.71:449
119.252.165.75:449
121.100.19.18:449
202.29.215.114:449
180.180.216.177:449
171.100.142.238:449
186.232.91.240:449
181.196.207.202:449
-
autorunName:pwgrab
Targets
-
-
Target
ceeb48e3c2b1e0ccc5fc6b5168797e945c5a8ecc037c147607e8b4a2b3bb426b
-
Size
728KB
-
MD5
ffef98580ded08a36ffac93f8686d997
-
SHA1
d19db2dc9a16cf8ed8a315c779fc2fbe26aa3468
-
SHA256
ceeb48e3c2b1e0ccc5fc6b5168797e945c5a8ecc037c147607e8b4a2b3bb426b
-
SHA512
4d1da965c08275f3eebf661c91038fce9e6bc190ce9ce4063a727f924782c6871beed503c68faf447d0863f6e356178fae0aa1b72af20f4044f740c8f536faee
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-