General
-
Target
8b874c3100add07aaafd5ffbae6af5e6
-
Size
432KB
-
Sample
240203-gakjkscffk
-
MD5
8b874c3100add07aaafd5ffbae6af5e6
-
SHA1
ccd9d9a0c2d5e79a01ccb70a71595eb87674ce8b
-
SHA256
65c48bb0a15c08365401769c1a36810bbc3ae81cad63457dd9b7c1056fc6cd4c
-
SHA512
bba3f843a8859270e970453ebf699885fd7925696927ff6fdb3cbc8b56cb09eb75fac373ad0c183c913ac76b778b1819fd85cdaf01cba61dda805d300fbe19a6
-
SSDEEP
6144:6P14dTRyLGoEKr8ArJsnAvmqUscqS+SQCx+7UtfjSRIdukLkVTpvUzJMm1DeHa09:EsTRsG7ZA1szqS+3Cx+7LknLwWb9V6J
Static task
static1
Behavioral task
behavioral1
Sample
8b874c3100add07aaafd5ffbae6af5e6.exe
Resource
win7-20231215-en
Malware Config
Extracted
trickbot
1000084
now1
-
autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll
Targets
-
-
Target
8b874c3100add07aaafd5ffbae6af5e6
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-