General
- Target: 5c8e117e71bf3e49dafa70f0d63b3ab0b3f4565d65bd131c52c32a1bc25899c5
- Size: 460KB
- Sample: 220801-gsdtradhhn
- MD5: 111ed5614d666990dc7714ea135bf33e
- SHA1: 7dfcac8063524ee8e09c373ec2a886967bb9fdd1
- SHA256: 5c8e117e71bf3e49dafa70f0d63b3ab0b3f4565d65bd131c52c32a1bc25899c5
- SHA512: 3ce8bd56d7e375fbc11543a7e896b265607e06b67c7ee000cda85abade9ee6feff6ac098f22ab5908a7784c4b10def7b927a0782f56141b7c938b9e75d5ffbc7
Static task: static1
Behavioral task: behavioral1
- Sample: 5c8e117e71bf3e49dafa70f0d63b3ab0b3f4565d65bd131c52c32a1bc25899c5.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 5c8e117e71bf3e49dafa70f0d63b3ab0b3f4565d65bd131c52c32a1bc25899c5.exe
- Resource: win10v2004-20220721-en
Malware Config
Extracted
trickbot
1000294
tot347
- autorun:
  - Control: GetSystemInfo, Name: systeminfo
  - Name: injectDll
  - Name: pwgrab
Targets
- Trickbot x86 loader: Detected Trickbot's x86 loader that unpacks the x86 payload.
- Executes dropped EXE
- Stops running service(s)
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory