General
-
Target
asdodnj1119505.doc
-
Size
1MB
-
Sample
201007-meaceze37e
-
MD5
c4dc25fdbdc0b722de6cb190e08757ce
-
SHA1
d52e95b887badf0081d66965913555a0b59f00e9
-
SHA256
5e84efe4d51ed6e3de4aca32ec599edaf9fd1a2ff1a45dae5d471a53fd121e3e
-
SHA512
7fe15ed619e2957ba3563c05c807e673f9927e1a4324c95114aca04dd30e1fc1dfb18a55a3840278b7ef1fe5346b242e6875c2228344302c51c3398c211c9a48
Static task
static1
Behavioral task
behavioral2
Sample
asdodnj1119505.doc
Resource
win10v200722
Malware Config
Extracted
trickbot
2000010
ono78
195.123.239.59:443
85.143.219.36:443
94.250.254.84:443
94.250.255.217:443
212.80.219.98:443
91.210.171.82:443
45.8.230.108:443
194.156.98.172:443
195.2.93.227:443
62.108.35.179:443
91.200.101.192:443
194.5.249.31:443
195.123.241.157:443
104.161.32.10:443
88.150.197.186:443
62.108.35.204:443
45.155.173.196:443
51.89.177.18:443
194.5.249.107:443
195.123.241.182:443
-
autorunName:pwgrab
Targets
-
-
Target
asdodnj1119505.doc
-
Size
1MB
-
MD5
c4dc25fdbdc0b722de6cb190e08757ce
-
SHA1
d52e95b887badf0081d66965913555a0b59f00e9
-
SHA256
5e84efe4d51ed6e3de4aca32ec599edaf9fd1a2ff1a45dae5d471a53fd121e3e
-
SHA512
7fe15ed619e2957ba3563c05c807e673f9927e1a4324c95114aca04dd30e1fc1dfb18a55a3840278b7ef1fe5346b242e6875c2228344302c51c3398c211c9a48
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-
Drops file in System32 directory
-