General
-
Target
53a0e9972acab581264117bb1346cf1c78c440a42a809112033b253784d95884
-
Size
300KB
-
Sample
220727-a58fkagdbm
-
MD5
a05fd97546d2b529f2b4fbb5917167b2
-
SHA1
972123b36192c44fe542936d83652fc379b92bc5
-
SHA256
53a0e9972acab581264117bb1346cf1c78c440a42a809112033b253784d95884
-
SHA512
4b4197a469f8a3e6a29f9bc7df240c8e05aea777804d5525315caadd051ff973d723be914ca45e4c11736c4962ec164d6d87022f4dd53aef40c6c6414db149e5
Malware Config
Extracted
trickbot
1000210
lib244
188.124.167.132:449
93.109.242.134:443
41.211.9.226:443
158.58.131.54:443
36.74.100.211:449
87.255.24.238:449
200.111.167.227:449
109.86.227.152:443
85.172.38.59:449
190.4.189.129:443
65.30.201.40:443
66.232.212.59:443
80.53.57.146:443
182.253.210.130:449
155.133.31.21:449
94.112.52.197:449
209.121.142.202:449
5.102.177.205:449
209.121.142.214:449
185.42.192.194:449
-
autorunControl:GetSystemInfoName:systeminfoName:injectDll
Targets
-
-
Target
53a0e9972acab581264117bb1346cf1c78c440a42a809112033b253784d95884
-
Size
300KB
-
MD5
a05fd97546d2b529f2b4fbb5917167b2
-
SHA1
972123b36192c44fe542936d83652fc379b92bc5
-
SHA256
53a0e9972acab581264117bb1346cf1c78c440a42a809112033b253784d95884
-
SHA512
4b4197a469f8a3e6a29f9bc7df240c8e05aea777804d5525315caadd051ff973d723be914ca45e4c11736c4962ec164d6d87022f4dd53aef40c6c6414db149e5
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-