General

Target: 1599400056-01282021.xls
Size: 45KB
Sample: 210128-aaz8g4j9f2
MD5: b4f063612cbe944f5f63e3e132793941
SHA1: a406e09e9e71531b184d2acda1192d5de69c1eb4
SHA256: c58672786cc5ff1aee1f2f582e209857a8fe055d5fefda026ff374cf7dab3968
SHA512: df55081b75c8bdde7b5cbbe00577e1f37f1f90bd19834f58cee601b202fbc75cdefac4da3ce1b0434deb43740b24a60bff9fa9b5c2496ed84cd65b033d8e2e35
Behavioral task

behavioral1
Sample: 1599400056-01282021.xls
Resource: win7v20201028

Malware Config

Extracted: trickbot
Version: 100010
Botnet: rob42
C2 servers:
5.34.180.180:443
64.74.160.228:443
198.46.198.116:443
5.34.180.185:443
107.152.46.188:443
195.123.241.214:443
23.254.224.2:443
107.172.188.113:443
200.52.147.93:443
185.198.59.45:443
45.14.226.101:443
185.82.126.38:443
85.204.116.139:443
45.155.173.248:443
103.91.244.50:443
45.230.244.20:443
45.226.124.226:443
187.84.95.6:443
186.250.157.116:443
186.137.85.76:443
36.94.62.207:443
182.253.107.34:443
180.92.158.244:443
autorunName: pwgrab
Targets

Target: 1599400056-01282021.xls
Size: 45KB
MD5: b4f063612cbe944f5f63e3e132793941
SHA1: a406e09e9e71531b184d2acda1192d5de69c1eb4
SHA256: c58672786cc5ff1aee1f2f582e209857a8fe055d5fefda026ff374cf7dab3968
SHA512: df55081b75c8bdde7b5cbbe00577e1f37f1f90bd19834f58cee601b202fbc75cdefac4da3ce1b0434deb43740b24a60bff9fa9b5c2496ed84cd65b033d8e2e35

Signatures

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Templ.dll packer
Detects the Templ.dll packer, which usually loads Trickbot.

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.