General

  • Target: 68a34973ae0a7bebdd8415ae1a79296d05c69f6aeed8fc90b21fe3a1fde5687b
  • Size: 110KB
  • MD5: 595b19e7618a77ecd00034182c74b0e4
  • SHA1: c5afa94c84a733dbd86edd2061614946aa9cfb19
  • SHA256: 68a34973ae0a7bebdd8415ae1a79296d05c69f6aeed8fc90b21fe3a1fde5687b
  • SHA512: 029a5bef5c5158b33a3eb025782abb3cddeb53223cb80f1fe38fda5e14c0831bf0524fb6ce66aab6cd1f756c10c0c0f20642245a07b073c788bdb7cca33061d2
  • SSDEEP: 3072:wUJC1DZYjcOBmn9nK3lhK7kgB9DTfd+5SEsVoSfR:zIDZ6cOBkE3bKzB9DTV+mV

Score: 10/10

Malware Config

Extracted

  • Family: trickbot
  • Version: 1000488
  • Botnet: sat68

C2

Attributes

  • autorun
    Name: pwgrab
  • ecc_pubkey.base64

Signatures

  • Trickbot family
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • 68a34973ae0a7bebdd8415ae1a79296d05c69f6aeed8fc90b21fe3a1fde5687b
    .exe windows:4 windows x86 arch:x86
