General
-
Target
1e1cd8e03241b215e25e403ad23c5db674177c566ebd88ff665a1ec214f7e534
-
Size
299KB
-
Sample
221130-tj6jmahb41
-
MD5
fa04235f2c1acd6e551ec5ffecdcf71b
-
SHA1
3b7d78b3cf06f6b0caa20b7b8ae9dc395548a723
-
SHA256
1e1cd8e03241b215e25e403ad23c5db674177c566ebd88ff665a1ec214f7e534
-
SHA512
6d1ee393551222413f3f07252ef7201b51047ef4b76dd8cdc74e2477e3be784dd2866d17da2481c79945b9bb9574bf2a4a6a923c43d9cb4432dd6a814cf73c67
-
SSDEEP
6144:HAemIDCLNJHnjIxTjJHfn0lkQGCXtZnALh7pBuc:g6KExT98lRXw7pB
Malware Config
Extracted
trickbot
1000263
lib314
118.97.119.218:449
94.181.47.198:449
144.121.143.129:449
185.200.60.138:449
185.42.52.126:449
181.174.112.74:449
178.116.83.49:443
121.58.242.206:449
182.50.64.148:449
82.222.40.119:449
97.78.222.18:449
67.79.15.106:449
168.167.87.79:443
103.111.53.126:449
182.253.20.66:449
192.188.120.164:443
81.17.86.112:443
95.154.80.154:449
46.149.182.112:449
69.9.232.167:443
-
autorunControl:GetSystemInfoName:systeminfoName:injectDll
Targets
-
-
Target
1e1cd8e03241b215e25e403ad23c5db674177c566ebd88ff665a1ec214f7e534
-
Size
299KB
-
MD5
fa04235f2c1acd6e551ec5ffecdcf71b
-
SHA1
3b7d78b3cf06f6b0caa20b7b8ae9dc395548a723
-
SHA256
1e1cd8e03241b215e25e403ad23c5db674177c566ebd88ff665a1ec214f7e534
-
SHA512
6d1ee393551222413f3f07252ef7201b51047ef4b76dd8cdc74e2477e3be784dd2866d17da2481c79945b9bb9574bf2a4a6a923c43d9cb4432dd6a814cf73c67
-
SSDEEP
6144:HAemIDCLNJHnjIxTjJHfn0lkQGCXtZnALh7pBuc:g6KExT98lRXw7pB
Score10/10-
Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
-
Trickbot x86 loader
Detected Trickbot's x86 loader that unpacks the x86 payload.
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-