General
-
Target
case_142297110_1765967889.xlsm
-
Size
149KB
-
Sample
210315-h4kefy55ya
-
MD5
cb9f4477fbf6f33c8de41d3a2febcf0f
-
SHA1
97d398eed15462aeeaff7a7b9ef93a61fdf6370d
-
SHA256
438fc9f6931a33ae2ac94848f8b2c3876b3ddf4e4d58c5ed403ca49da3366a34
-
SHA512
b6517693a5a17270ca180c6ec0e6edea0629dbed28a69499247f0dbd2993344417d1f868afbbd8b9fdee21b6321a5ba57a31c95f5d1fc06ff13c1302f53d6969
Behavioral task
behavioral1
Sample
case_142297110_1765967889.xlsm
Resource
win7v20201028
Malware Config
Extracted
http://www.ceder-invest.be/sass/capital.php
Extracted
trickbot
100013
rob77
103.225.138.94:449
122.2.28.70:449
123.200.26.246:449
131.255.106.152:449
142.112.79.223:449
154.126.176.30:449
180.92.238.186:449
187.20.217.129:449
201.20.118.122:449
202.91.41.138:449
95.210.118.90:449
-
autorunName:pwgrab
Targets
-
-
Target
case_142297110_1765967889.xlsm
-
Size
149KB
-
MD5
cb9f4477fbf6f33c8de41d3a2febcf0f
-
SHA1
97d398eed15462aeeaff7a7b9ef93a61fdf6370d
-
SHA256
438fc9f6931a33ae2ac94848f8b2c3876b3ddf4e4d58c5ed403ca49da3366a34
-
SHA512
b6517693a5a17270ca180c6ec0e6edea0629dbed28a69499247f0dbd2993344417d1f868afbbd8b9fdee21b6321a5ba57a31c95f5d1fc06ff13c1302f53d6969
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-