General

  • Target

    VirusShare_01b55404de50bd1a56343b2f316ff88d

  • Size

    121KB

  • MD5

    01b55404de50bd1a56343b2f316ff88d

  • SHA1

    8a6b9599d3e71c83eaef7f5a23df21b4f41370b1

  • SHA256

    69bd652ace6469311a49a12f66bbbc691bdfc69aba958dd02d928464cbb46609

  • SHA512

    f1ec4bf6768dea2edc53c72dd7c884641a464f4268d21480bb55fbdb1079b8c5c9fb50eab4b29d13acb4a8682ca6ae291341e01b748e228b185676e48df2e598

  • SSDEEP

    3072:JrhJGtDfYtWAh3A8lKl+/63VBwxkbwQXz8lFTnc:JrhJoDfY13KE/qVlNYvnc

Score
10/10

Malware Config

Extracted

Family

trickbot

Version

1000501

Botnet

ono33

C2

Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Signatures

  • Trickbot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • VirusShare_01b55404de50bd1a56343b2f316ff88d
    .exe windows:4 windows x86 arch:x86

