General
-
Target
legal paper_07.21_9.doc
-
Size
86KB
-
Sample
210715-cwevdnxnhj
-
MD5
137b44ecb48980e4ba15123c9f15f83c
-
SHA1
0b2f64e31c2194ff68a0b93f933c0d25e0c6a117
-
SHA256
274cb0eb63377f2710724bba6daa6cd742d7ac1560063faa87e23f6de9d873d3
-
SHA512
9e9c6d9d62429d91d60b78ae2063119437e0b3b14cb0aa8696ff252813e8595f6e631299231c9d613802821a621036ebf92e7afd546f245ef4fa68fab8b56879
Static task
static1
Behavioral task
behavioral1
Sample
legal paper_07.21_9.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
legal paper_07.21_9.doc
Resource
win10v20210408
Malware Config
Extracted
trickbot
2000031
zev1
14.232.161.45:443
118.173.233.64:443
41.57.156.203:443
45.239.234.2:443
45.201.136.3:443
177.10.90.29:443
185.17.105.236:443
91.237.161.87:443
185.189.55.207:443
186.225.119.170:443
143.0.208.20:443
222.124.16.74:443
220.82.64.198:443
200.236.218.62:443
178.216.28.59:443
45.239.233.131:443
196.216.59.174:443
119.202.8.249:443
82.159.149.37:443
49.248.217.170:443
181.114.215.239:443
113.160.132.237:443
105.30.26.50:443
202.165.47.106:443
103.122.228.44:443
-
autorunName:pwgrabbName:pwgrabc
Targets
-
-
Target
legal paper_07.21_9.doc
-
Size
86KB
-
MD5
137b44ecb48980e4ba15123c9f15f83c
-
SHA1
0b2f64e31c2194ff68a0b93f933c0d25e0c6a117
-
SHA256
274cb0eb63377f2710724bba6daa6cd742d7ac1560063faa87e23f6de9d873d3
-
SHA512
9e9c6d9d62429d91d60b78ae2063119437e0b3b14cb0aa8696ff252813e8595f6e631299231c9d613802821a621036ebf92e7afd546f245ef4fa68fab8b56879
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-