General
-
Target
qca.exe
-
Size
383KB
-
Sample
220822-13s6zagfe3
-
MD5
b065af93b5fd551526705b5968d0ca10
-
SHA1
e807ff55829a205941096b8edfcda6a0cdc3ccc1
-
SHA256
28c33a9676f04274b2868c1a2c092503a57d38833f0f8b964d55458623b82b6e
-
SHA512
dcff979209cfe0d309a9ddbf1c99de41102cc86f8541160ad6e185d3ae23b5fd7c97c4c36fd7df95ef3aa73b4846b5811fdb96ee671d0a2220d8f75c009aebb4
-
SSDEEP
6144:Lp0ZFUrIyx1JSIT4k2z0qJ1yFMj/76wI2dfWG072/PeyXT6DI1h3H+lusL:L+ZFUrrBj4kFFMjjGq57Pe2TaI1h3OtL
Static task
static1
Malware Config
Extracted
trickbot
1000271
lib322
-
autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll
Targets
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Drops file in System32 directory
-