General
-
Target
4135b0a92b446582588230a68d2bafe64196e41284a19c04de27be091513fe03.xls
-
Size
62KB
-
Sample
201202-aacfakcq5x
-
MD5
39eb52a7ff92ab88d45f9645f12c42e7
-
SHA1
fa9c3ef6c474b90c67149a3be4bf6916fd48fb31
-
SHA256
4135b0a92b446582588230a68d2bafe64196e41284a19c04de27be091513fe03
-
SHA512
ed752b7f74863a962bd52753a6b4fc3d9f5887690a0ffeb05c5c76e10fb0433374ba43e084863cefaf52bc39ea0e71e2ebb4bd669bab9d764c996313f091fa47
Static task
static1
Behavioral task
behavioral1
Sample
4135b0a92b446582588230a68d2bafe64196e41284a19c04de27be091513fe03.xls
Resource
win7v20201028
Malware Config
Extracted
trickbot
100004
rob12
-
autorunName:pwgrab
Targets
-
-
Target
4135b0a92b446582588230a68d2bafe64196e41284a19c04de27be091513fe03.xls
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-