General
- Target: TribotFullVersion.exe
- Size: 11.2MB
- Sample: 240403-x2l5gsab8z
- MD5: 223bbc10146d34f73ca3249327bf2664
- SHA1: bb7dcc00d2bd7f357f7295d947ba2fb6421c079a
- SHA256: 0a1b77b27f91393605794e7a1eced00fbe0e905f562d274760126330be9da87a
- SHA512: eaed9d7e886f540f45b03cf6f3b374d7c37b8b913d4aa54a7618899b223d3744fafb45ab3bae0dae571dd520cf3370374eb9be2b27df978efd9855556431a65f
- SSDEEP: 196608:7vSHPEkrE8rWRrkqBA1HeT39Iigw7vKub75bcjWgb66e7Ger2REzfPwkZimGio13:7SvEkw8rQjq1+TtIiF7vB5IjWq66ed+X
Malware Config
Targets
- Target: TribotFullVersion.exe
- Size: 11.2MB
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.