General
-
Target
trickbot.xls.zip
-
Size
24KB
-
Sample
210224-hmyhjzph8s
-
MD5
93036788d99ca7ae57a5a38ba5f4624f
-
SHA1
b80f13adddf9b1d20e72df4a9712d15e56e54e67
-
SHA256
0f762e82649c034434fe38dfd45835ad4e560b377a9a7c23e30578fbaf1b1505
-
SHA512
77afc459b902ec57a055db3d33db012f49fc4e54561ffa77720a42d489a492052f92d2656eea9777659e404eea6e3258cb306b92e107c9f9b959d4045c90c017
Behavioral task
behavioral1
Sample
trickbot.xls
Resource
win10v20201028
Behavioral task
behavioral2
Sample
trickbot.xls
Resource
win10v20201028
Behavioral task
behavioral3
Sample
trickbot.xls
Resource
win10v20201028
Behavioral task
behavioral4
Sample
trickbot.xls
Resource
win10v20201028
Behavioral task
behavioral5
Sample
trickbot.xls
Resource
win7v20201028
Malware Config
Extracted
http://soberlifeco.com/contra/storage.php
Targets
-
Target
trickbot.xls
-
Size
52KB
-
MD5
2fa033c8bbdf1bd937125042588cdec9
-
SHA1
b9a0d6ff9a77fc9b223abe2c560a7e888026e3bb
-
SHA256
1df473992bd7c161fc1964c5d895f16240b417005fc69d20d3b9013c6c18dee8
-
SHA512
7eccb690657f33ee7c8e7ae5792441d69a3f4e99df5735cb81cff7d4c0ab44928ad2b84b0386296face223e921d19c5fa3f52e4afc45d7e9e779481a40a8ba95
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.