Extracted

Extracted

• • Target

    Form_1004276.xlsb

  • Size

    277KB

  • MD5

    830ee920796185f6ef36dc8962ce8cb8

  • SHA1

    89ee9b135716f6aca200d268bf270d28e29d21d7

  • SHA256

    bd4f4450e7d4973ed38cc12cbe6689eb63ff492fb0cc9e6f56144ffe4474aa58

  • SHA512

    a74ceabb94c3157970f5396a98f074faf1951ed1111c17d52f00c046cce1b1117c3b6498c33a82756f607b5bac1660246a30bdaa2887e43e881e26c5589ffcde

  Score

  10^/10

  nloadertrickbotrev3bankerloadertrojan

  • Nloader

    Simple loader that includes the keyword 'cambo' in the URL used to download other families.

    loadernloader

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot

  • Nloader Payload

  • Templ.dll packer

    Detects Templ.dll packer which usually loads Trickbot.

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2