General
Target: ORDER787-5.xls
Size: 161KB
Sample: 210105-qhdepkbwjx
MD5: 1d97c6cb50c4107498e4f0e76f539f0c
SHA1: a4dc090837c76aed324bea19c9f62e2d47bb7bc8
SHA256: 1b761a682092f8be6c7e9eef709be08a7105159a5e4ffb7722b0530fba308ba4
SHA512: 08c580cbb19b3684f96ab82ec358ca42b796d52045c71d7f794f91d745b62f184d0b1c6842dd6577fb2a0b762bd236f1d1d593b3c592767788fda08739b025a3
Static task: static1
Behavioral task: behavioral1
Sample: ORDER787-5.xls
Resource: win7v20201028
Malware Config
Extracted: https://www.penrithdentalimplants.com.au/ls/apperolew.png
Extracted: trickbot
100009
rob33
C2 addresses:
149.54.11.54:449
36.89.191.119:449
41.159.31.227:449
103.150.68.124:449
103.126.185.7:449
103.112.145.58:449
103.110.53.174:449
102.164.208.44:449
194.5.249.143:443
142.202.191.175:443
195.123.241.31:443
45.89.125.214:443
45.83.151.103:443
91.200.103.41:443
66.70.246.0:443
64.74.160.218:443
198.46.198.115:443
5.34.180.173:443
23.227.196.5:443
195.123.241.115:443
107.152.42.163:443
autorunName: pwgrab
Targets
Target: ORDER787-5.xls
Size: 161KB
MD5: 1d97c6cb50c4107498e4f0e76f539f0c
SHA1: a4dc090837c76aed324bea19c9f62e2d47bb7bc8
SHA256: 1b761a682092f8be6c7e9eef709be08a7105159a5e4ffb7722b0530fba308ba4
SHA512: 08c580cbb19b3684f96ab82ec358ca42b796d52045c71d7f794f91d745b62f184d0b1c6842dd6577fb2a0b762bd236f1d1d593b3c592767788fda08739b025a3

Signatures
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Templ.dll packer
Detects the Templ.dll packer, which usually loads Trickbot.

Loads dropped DLL