General
-
Target
2021-07-16-TA551-email-example.eml
-
Size
56KB
-
Sample
210716-wtvmasx7as
-
MD5
7e824fa00e10e1e7aada2c6fb3843896
-
SHA1
1704a904ecda0a9c772e47d984a45d688f242ced
-
SHA256
c3c714fb6f2acbe9119203d980972629042e9f200fe8c4bc0f19381e4118f07d
-
SHA512
c02ac24c80b497224ebb2220f6f82726963b1d6c86c81dbb00cc50006cfa1b08c564afafb35918a39c679c2f47aa7f9668b3c869fe1207f0767e2f0187bc916c
Static task
static1
Behavioral task
behavioral1
Sample
bid 07.16.2021.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
bid 07.16.2021.doc
Resource
win10v20210410
Malware Config
Extracted
trickbot
2000031
zev1
14.232.161.45:443
118.173.233.64:443
41.57.156.203:443
45.239.234.2:443
45.201.136.3:443
177.10.90.29:443
185.17.105.236:443
91.237.161.87:443
185.189.55.207:443
186.225.119.170:443
143.0.208.20:443
222.124.16.74:443
220.82.64.198:443
200.236.218.62:443
178.216.28.59:443
45.239.233.131:443
196.216.59.174:443
119.202.8.249:443
82.159.149.37:443
49.248.217.170:443
181.114.215.239:443
113.160.132.237:443
105.30.26.50:443
202.165.47.106:443
103.122.228.44:443
-
autorunName:pwgrabbName:pwgrabc
Targets
-
-
Target
bid 07.16.2021.doc
-
Size
87KB
-
MD5
0890bb39965b1007390c179a91c746e5
-
SHA1
d8f074893054deeee451e6c005b342807c9ad239
-
SHA256
807ae0df3ec8455f90dafd7835e191a4de5979c70f1a30b912278809b8a9dd17
-
SHA512
2b2cfd89edf25cc23a6c6c8c76c4c70a192bdcc025880a296bb8b4bc5f04cf2e45ced015049a4ecf45ad988afcdc30b8ba0a7886ffd7f5984ddd4e59b21c05d6
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-