General
-
Target
58443a60ecb0555e3b92416f93edd4245e6735cffdd480ef00e4cb2169f0cf14
-
Size
428KB
-
Sample
220724-tddxeshga5
-
MD5
e054ba3861687187c1f110f3a6185f00
-
SHA1
a50a9a86b98183bd15526e4fc7e878d25c2d5ae6
-
SHA256
58443a60ecb0555e3b92416f93edd4245e6735cffdd480ef00e4cb2169f0cf14
-
SHA512
36ad0542fbec2bb7d8e8d30202af35526854e782e8c75a9f972e6b14100025be3982e3fe7f1e35caab328630bc09c2cd7b612bf178e1e243347d52446c311e0a
Malware Config
Extracted
trickbot
1000296
tot349
185.222.202.113:443
24.247.181.155:449
174.105.235.178:449
185.111.74.246:443
181.113.17.230:449
174.105.233.82:449
66.60.121.58:449
207.140.14.141:443
42.115.91.177:443
198.12.108.171:443
71.94.101.25:443
206.130.141.255:449
198.46.161.244:443
74.140.160.33:449
65.31.241.133:449
140.190.54.187:449
66.38.80.188:449
24.119.69.70:449
192.3.130.29:443
103.110.91.118:449
-
autorunControl:GetSystemInfoName:systeminfoName:injectDllName:pwgrab
Targets
-
-
Target
58443a60ecb0555e3b92416f93edd4245e6735cffdd480ef00e4cb2169f0cf14
-
Size
428KB
-
MD5
e054ba3861687187c1f110f3a6185f00
-
SHA1
a50a9a86b98183bd15526e4fc7e878d25c2d5ae6
-
SHA256
58443a60ecb0555e3b92416f93edd4245e6735cffdd480ef00e4cb2169f0cf14
-
SHA512
36ad0542fbec2bb7d8e8d30202af35526854e782e8c75a9f972e6b14100025be3982e3fe7f1e35caab328630bc09c2cd7b612bf178e1e243347d52446c311e0a
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-