General
-
Target
609cc34749da7ce6e8dbb3de9b7d0be03eca4cea63a4f3b1c383a3d483d0ecd6
-
Size
340KB
-
Sample
220731-ed9a1agbem
-
MD5
f0bd265c4732a39c800c7f36c4f6d5cc
-
SHA1
664b0bb2e21dd167d3fd5ee6f804b188773f9ded
-
SHA256
609cc34749da7ce6e8dbb3de9b7d0be03eca4cea63a4f3b1c383a3d483d0ecd6
-
SHA512
b6f11c19ba6c3030ef54a7ba3ac944a6b172b628e7898decca8766a4b68bfa65919ee9bcf179b1d0babd7ca4bdbaa87ef39268104e81f9da9d4d997bda71d8a3
Malware Config
Extracted
trickbot
1000192
ser0511
209.121.142.202:449
5.102.177.205:449
209.121.142.214:449
95.161.180.42:449
203.86.222.142:449
109.95.114.28:449
118.91.178.106:449
173.220.6.194:449
179.107.89.145:449
46.20.207.204:449
91.206.4.216:449
69.122.117.95:449
68.96.73.154:449
185.42.192.194:449
189.84.125.37:449
68.227.31.46:449
107.144.49.162:449
46.72.175.17:449
144.48.51.8:449
46.243.179.212:449
-
autorunControl:GetSystemInfoName:systeminfoName:injectDll
Targets
-
-
Target
609cc34749da7ce6e8dbb3de9b7d0be03eca4cea63a4f3b1c383a3d483d0ecd6
-
Size
340KB
-
MD5
f0bd265c4732a39c800c7f36c4f6d5cc
-
SHA1
664b0bb2e21dd167d3fd5ee6f804b188773f9ded
-
SHA256
609cc34749da7ce6e8dbb3de9b7d0be03eca4cea63a4f3b1c383a3d483d0ecd6
-
SHA512
b6f11c19ba6c3030ef54a7ba3ac944a6b172b628e7898decca8766a4b68bfa65919ee9bcf179b1d0babd7ca4bdbaa87ef39268104e81f9da9d4d997bda71d8a3
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-