General
Target: 5f0f526224662093e053e734c0efee8f820c8664573bdf95bd20d4558814d4d9
Size: 509KB
Sample: 220731-w2kqzsbah5
MD5: 5de0159c82fdd78e94b2565d105d3dae
SHA1: 2b267c1cfde9af7d1807983f69d83cff234d0fe6
SHA256: 5f0f526224662093e053e734c0efee8f820c8664573bdf95bd20d4558814d4d9
SHA512: 8100297f681243c29d5d4e33d48d8bfa64b0dbef6530f8a1b78d6120a15f04d8ccc8a034865d5c9321e5bab97098ab2673385f1de62e3fb463a548ab5dc0cd94
Static task: static1
Behavioral task: behavioral1
Sample: 5f0f526224662093e053e734c0efee8f820c8664573bdf95bd20d4558814d4d9.exe
Resource: win7-20220718-en
Malware Config
Extracted
trickbot
1000231
ser0719
autorun
Control:GetSystemInfo Name:systeminfo
Name:injectDll
Targets
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-