General
Target: 576352d72a627ae9cffc50abd3ca9930e92ec823724b4b5186a1dbd2df1d48a2
Size: 380KB
Sample: 220724-2wbh1scacl
MD5: 44de98af8b6588ea597cdc95844fdda6
SHA1: 2c222cf976ab93c63a494bab2c4bf35b0e3c894a
SHA256: 576352d72a627ae9cffc50abd3ca9930e92ec823724b4b5186a1dbd2df1d48a2
SHA512: cde452c4de6fba7bb9e47a1f3543cbe1fe64fc727047e3f0edfa62ec5ad078e496234d0b8e14c2db1fed973f32daee72394d6d8f440a0ff84f4cb2f68771ff76
Static task: static1
Behavioral task: behavioral1
  Sample: 576352d72a627ae9cffc50abd3ca9930e92ec823724b4b5186a1dbd2df1d48a2.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: 576352d72a627ae9cffc50abd3ca9930e92ec823724b4b5186a1dbd2df1d48a2.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted
trickbot
1000194
ser0516
autorun
  Control: GetSystemInfo
  Name: systeminfo
  Name: injectDll
Targets
Score: 10/10
- Trickbot x86 loader: Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext