trickbot | dfndr[.]zip

General

Target

dfndr.zip
Size

81KB
MD5

2a755926e880fffb1e0716a6a43e20f3
SHA1

10b23627ab926991ca06fd5999b1a957efd29f6d
SHA256

35f7b41f3081beb9eb63506bf32433d3b3ca71126dd103f5922d629ca0c910bf
SHA512

31ec58671791fa541036741abb90d4b874ed11c6ce693971d51753f695f5fcbeaa7e60bf5349f79287b951d4a1b0ac64fcd4b129a7d11c3afdc0ce3a1679c11c
SSDEEP

1536:edunk49mSmBjA/2jAXb+R+AnlgQIA+BLNpoqyYMB/cfnNCXd:Yuk/S8AX6Jl5I7LfoB3CCXd

Score

10^/10

top140 trickbot

Malware Config

Extracted

Family

trickbot

Version

100019

Botnet

top140

C2

65.152.201.203:443

185.56.175.122:443

46.99.175.217:443

179.189.229.254:443

46.99.175.149:443

181.129.167.82:443

216.166.148.187:443

46.99.188.223:443

128.201.76.252:443

62.99.79.77:443

60.51.47.65:443

24.162.214.166:443

45.36.99.184:443

97.83.40.67:443

184.74.99.214:443

103.105.254.17:443

62.99.76.213:443

82.159.149.52:443

Attributes

autorun
Name:pwgrabb
Name:pwgrabc

ecc_pubkey.base64

Signatures

Trickbot family
trickbot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dfndr.exe

Files

dfndr.zip
.zip

Password: infected
dfndr.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

.text Size: 132KB - Virtual size: 131KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 132KB - Virtual size: 131KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 3KB