General

Target: Document_11_9.doc
Size: 1.2MB
Sample: 201109-45pb6hjgcx
MD5: 0650db5ba1284f04f799ade30a96919e
SHA1: f98683987dfc02b61caacae0762fe10abef02798
SHA256: 4865f214e2eee5cd428229c424715d13746ad29341f89c57994c5123746fa4ce
SHA512: 95d24fc2e6d5b89e473a3e90ca29c5899086a3a788a5b7fb9efd00c3283a4556098fa1378fdff938bb440d54b0be9e65c4346c0dd45b8c49398a6f41a8f433c6
Static task: static1
Behavioral task: behavioral1
Sample: Document_11_9.doc
Resource: win7v20201028

Malware Config

Extracted: trickbot
Version: 100001
Botnet: tar2
C2:
66.85.183.5:443
185.163.47.157:443
94.140.115.99:443
195.123.240.40:443
195.123.241.226:443
Attributes:
autorunName:pwgrab
Targets

Target: Document_11_9.doc
Size: 1.2MB
MD5: 0650db5ba1284f04f799ade30a96919e
SHA1: f98683987dfc02b61caacae0762fe10abef02798
SHA256: 4865f214e2eee5cd428229c424715d13746ad29341f89c57994c5123746fa4ce
SHA512: 95d24fc2e6d5b89e473a3e90ca29c5899086a3a788a5b7fb9efd00c3283a4556098fa1378fdff938bb440d54b0be9e65c4346c0dd45b8c49398a6f41a8f433c6

Signatures

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blacklisted process makes network request

Executes dropped EXE

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Drops file in System32 directory

Modifies service