General
-
Target
SecuriteInfo.com.Generic.mg.1044ad70fad41bf6.6525
-
Size
540KB
-
Sample
200629-8pm6sv92wa
-
MD5
1044ad70fad41bf6a0e6bce33cfe2385
-
SHA1
61cedd6522cf7e43e70da89f838ddfabcaf3efc5
-
SHA256
3a7aeb8afd9e1bdb9e8d83cea2b3d4a981be1ea951c46e48cf6c96a9852d1d14
-
SHA512
b609a912fe1a96fd05ec9d688d1d11e8fdb5c5307c26301fbde6ccb622561518aeec553795947780d8939ee0cbfaa0bb71a850529cf9a0c1703227b2b8750628
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Generic.mg.1044ad70fad41bf6.6525.exe
Resource
win7
Malware Config
Extracted
trickbot
1000512
ono51
95.171.16.42:443
185.90.61.9:443
5.1.81.68:443
185.99.2.65:443
134.119.191.11:443
85.204.116.100:443
78.108.216.47:443
51.81.112.144:443
194.5.250.121:443
185.14.31.104:443
185.99.2.66:443
107.175.72.141:443
192.3.247.123:443
134.119.191.21:443
85.204.116.216:443
91.235.129.20:443
181.129.104.139:449
181.112.157.42:449
181.129.134.18:449
131.161.253.190:449
121.100.19.18:449
190.136.178.52:449
45.6.16.68:449
110.232.76.39:449
122.50.6.122:449
103.12.161.194:449
36.91.45.10:449
110.93.15.98:449
80.210.32.67:449
103.111.83.246:449
200.107.35.154:449
36.89.182.225:449
36.89.243.241:449
36.92.19.205:449
110.50.84.5:449
182.253.113.67:449
36.66.218.117:449
-
autorunName:pwgrab
Targets
-
-
Target
SecuriteInfo.com.Generic.mg.1044ad70fad41bf6.6525
-
Size
540KB
-
MD5
1044ad70fad41bf6a0e6bce33cfe2385
-
SHA1
61cedd6522cf7e43e70da89f838ddfabcaf3efc5
-
SHA256
3a7aeb8afd9e1bdb9e8d83cea2b3d4a981be1ea951c46e48cf6c96a9852d1d14
-
SHA512
b609a912fe1a96fd05ec9d688d1d11e8fdb5c5307c26301fbde6ccb622561518aeec553795947780d8939ee0cbfaa0bb71a850529cf9a0c1703227b2b8750628
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-