General
-
Target
3cd11df9e2af44982a94b0831508741271b804195cfe959e0c369d5bef29cf55
-
Size
392KB
-
Sample
220703-fwqgaaaca4
-
MD5
597284e27cb936c11b565ac6f9976cee
-
SHA1
ddc459295dfe17d58ba7a8153e8aa13a2cba4425
-
SHA256
3cd11df9e2af44982a94b0831508741271b804195cfe959e0c369d5bef29cf55
-
SHA512
a70cf2a466232fa269ddd96865310b9f9133598d69ff3f979e0fb7ae6ca0138e423c7cf14713842b2917067b1c6a014667c9fa1e6447410facc7433223ce07bb
Malware Config
Extracted
trickbot
1000269
jim320
154.16.137.73:443
94.181.47.198:449
75.103.4.186:443
23.94.41.215:443
181.113.17.230:449
212.23.70.149:443
172.82.152.132:443
170.81.32.66:449
42.115.91.177:443
107.173.102.231:443
121.58.242.206:449
167.114.13.91:443
192.252.209.44:443
182.50.64.148:449
187.190.249.230:443
107.175.127.147:443
82.222.40.119:449
198.100.157.163:443
23.226.138.169:443
103.110.91.118:449
-
autorunControl:GetSystemInfoName:systeminfoName:injectDll
Targets
-
-
Target
3cd11df9e2af44982a94b0831508741271b804195cfe959e0c369d5bef29cf55
-
Size
392KB
-
MD5
597284e27cb936c11b565ac6f9976cee
-
SHA1
ddc459295dfe17d58ba7a8153e8aa13a2cba4425
-
SHA256
3cd11df9e2af44982a94b0831508741271b804195cfe959e0c369d5bef29cf55
-
SHA512
a70cf2a466232fa269ddd96865310b9f9133598d69ff3f979e0fb7ae6ca0138e423c7cf14713842b2917067b1c6a014667c9fa1e6447410facc7433223ce07bb
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-