General
- Target: 8b535835648e9b123abe3bc278419349
- Size: 1.2MB
- Sample: 240203-efbgragdg6
- MD5: 8b535835648e9b123abe3bc278419349
- SHA1: 0650bacf01e9f3e41be961f2ee9b4eb661e064a0
- SHA256: f148ce48975a10fab19af13adbaadb5a8dc6b737fe3c13a5a5e2d8b53f59b72f
- SHA512: 023892b6b4fff0f6ce23a42132e37dc624d445417d31d307fba3e8f92f4f047fbfb2c77d59260a16136bed2e5d19ee87e5142a1c98515c1bd622272f7225e54f
- SSDEEP: 24576:aQCxw3cNf8dX1B5GhIviV81pTXSg/vVDlIBPWjlryy7zcivN:aQi5f8dlLGC6G/TXJli4jlh7zzl
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 8b535835648e9b123abe3bc278419349.exe
  - Resource: win7-20231215-en

Behavioral task
- behavioral2
  - Sample: 8b535835648e9b123abe3bc278419349.exe
  - Resource: win10v2004-20231222-en
Malware Config
- Extracted: trickbot
- 2000022
- mor1
- C2 addresses (host:443):
- autorunName: pwgrab
Targets
Score: 10/10

- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the Authenticode and cryptography registry keys so that their binary is treated as validly signed.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext