General
-
Target
6120ea3fe512a9a279028cfc4203687efecc92ca0c7a4fad3711b7e92930c210
-
Size
428KB
-
Sample
220701-hzk23shccq
-
MD5
cd40c5aac2b062de2b52641c98268aa5
-
SHA1
0a7e67671c522a702d853f2a75f80e4a1d799a52
-
SHA256
6120ea3fe512a9a279028cfc4203687efecc92ca0c7a4fad3711b7e92930c210
-
SHA512
bff80e65d2dbda7ce7108846b9948bd0936e168722f741b397e1050fb52095b1a8eb6aa507d2149693d719d80c3ab694db451dc53da70ad7ffcc861aabeb46aa
Malware Config
Extracted
trickbot
1000498
wmd38
5.182.210.226:443
82.146.62.52:443
164.68.120.56:443
185.11.146.86:443
5.2.78.70:443
185.65.202.240:443
193.26.217.243:443
81.177.180.254:443
5.34.177.40:443
185.186.77.222:443
188.227.84.209:443
185.45.193.76:443
46.229.213.27:443
88.99.112.87:443
51.254.164.240:443
45.148.120.13:443
5.2.78.77:443
64.44.51.125:443
107.172.165.149:443
45.148.120.14:443
-
autorunName:pwgrab
Targets
-
-
Target
6120ea3fe512a9a279028cfc4203687efecc92ca0c7a4fad3711b7e92930c210
-
Size
428KB
-
MD5
cd40c5aac2b062de2b52641c98268aa5
-
SHA1
0a7e67671c522a702d853f2a75f80e4a1d799a52
-
SHA256
6120ea3fe512a9a279028cfc4203687efecc92ca0c7a4fad3711b7e92930c210
-
SHA512
bff80e65d2dbda7ce7108846b9948bd0936e168722f741b397e1050fb52095b1a8eb6aa507d2149693d719d80c3ab694db451dc53da70ad7ffcc861aabeb46aa
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Dave packer
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-