General
-
Target
5df26114f76ec86dcd5309e3b50379fd57f0e0f86b22d3245d17c6e17fdd96d3
-
Size
383KB
-
Sample
220731-1s215ababp
-
MD5
366c27888902481f1e12ebbfa9ce946a
-
SHA1
7801599ce1123bfe5990534d0c649ec913aae5cd
-
SHA256
5df26114f76ec86dcd5309e3b50379fd57f0e0f86b22d3245d17c6e17fdd96d3
-
SHA512
6d253a38151308e9cbf5537cd440f094d159a3e90c5a4826ff94f4e16b2b66b39563da3807b59db83dfd74c0255d51e3d0e3afed1a631697c92dd7b3f10f51f5
Malware Config
Extracted
trickbot
1000287
ser1025us
193.111.63.208:443
68.3.14.71:443
174.105.235.178:449
5.196.131.249:443
181.113.17.230:449
205.157.150.98:443
185.251.38.187:443
207.140.14.141:443
42.115.91.177:443
54.39.167.242:443
71.94.101.25:443
68.45.243.125:449
82.202.236.66:443
74.140.160.33:449
76.181.182.166:449
140.190.54.187:449
82.222.40.119:449
24.119.69.70:449
188.68.208.242:443
103.110.91.118:449
-
autorunControl:GetSystemInfoName:systeminfoName:injectDllName:pwgrab
Targets
-
-
Target
5df26114f76ec86dcd5309e3b50379fd57f0e0f86b22d3245d17c6e17fdd96d3
-
Size
383KB
-
MD5
366c27888902481f1e12ebbfa9ce946a
-
SHA1
7801599ce1123bfe5990534d0c649ec913aae5cd
-
SHA256
5df26114f76ec86dcd5309e3b50379fd57f0e0f86b22d3245d17c6e17fdd96d3
-
SHA512
6d253a38151308e9cbf5537cd440f094d159a3e90c5a4826ff94f4e16b2b66b39563da3807b59db83dfd74c0255d51e3d0e3afed1a631697c92dd7b3f10f51f5
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-