General
-
Target
48e4552ed69de24287939835e4333a4d1fc62a78a730940d8df585b3af9815f7
-
Size
315KB
-
Sample
220714-byfmmsage7
-
MD5
fe9ecea821f94c0f51c203df9fe8e22b
-
SHA1
37d2f43e3982d280be2679baa0374db4e3f7f219
-
SHA256
48e4552ed69de24287939835e4333a4d1fc62a78a730940d8df585b3af9815f7
-
SHA512
93c4237eced462c639309e2986d1752b9602b02e586933dee3706727c36a3ca4213344caa94bf513ff2c34547377f83e9d7c4fa7f4f2b53976ff99e65f03d84e
Static task
static1
Behavioral task
behavioral1
Sample
48e4552ed69de24287939835e4333a4d1fc62a78a730940d8df585b3af9815f7.exe
Resource
win7-20220414-en
Malware Config
Extracted
trickbot
1000485
kin5
212.73.150.233:443
108.170.52.149:443
195.123.220.193:443
185.99.2.242:443
107.173.160.18:443
23.94.3.13:443
192.3.73.164:443
195.54.162.66:443
45.141.100.6:443
94.156.35.235:443
192.3.247.106:443
194.5.250.169:443
37.230.114.53:443
194.5.250.109:443
103.219.213.102:449
117.255.221.135:449
189.28.185.50:449
177.105.242.229:449
190.214.13.2:449
181.140.173.186:449
181.129.104.139:449
190.142.200.108:449
181.196.207.202:449
181.113.28.146:449
181.112.157.42:449
170.84.78.224:449
117.196.233.79:449
103.196.211.212:449
178.183.150.169:449
81.190.160.139:449
200.21.51.38:449
46.174.235.36:449
36.89.85.103:449
190.72.235.47:449
181.129.134.18:449
103.255.10.24:449
31.214.138.207:449
190.13.160.19:449
186.71.150.23:449
131.161.253.190:449
200.127.121.99:449
-
autorunName:pwgrab
Targets
-
-
Target
48e4552ed69de24287939835e4333a4d1fc62a78a730940d8df585b3af9815f7
-
Size
315KB
-
MD5
fe9ecea821f94c0f51c203df9fe8e22b
-
SHA1
37d2f43e3982d280be2679baa0374db4e3f7f219
-
SHA256
48e4552ed69de24287939835e4333a4d1fc62a78a730940d8df585b3af9815f7
-
SHA512
93c4237eced462c639309e2986d1752b9602b02e586933dee3706727c36a3ca4213344caa94bf513ff2c34547377f83e9d7c4fa7f4f2b53976ff99e65f03d84e
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-