General
-
Target
legislate 09.21.doc
-
Size
69KB
-
Sample
210913-ve9k6aebc2
-
MD5
24001fc51ff0994fe9c43b4653918f5e
-
SHA1
ae3b0439ed5fc269887d0094c8afac934e7d8980
-
SHA256
f0fc164d92dfb1e3890153984d931ced828bb68b7aa6126980aded29720aea70
-
SHA512
28c8d747b8e8d8629c192501cc418e42cf4fce94d77f03c67431bb985c48b152763afde1b178778b71dababe6a47a625c13cad3b865465b935866b5bf0df42fa
Behavioral task
behavioral1
Sample
legislate 09.21.doc
Resource
win7-en
Behavioral task
behavioral2
Sample
legislate 09.21.doc
Resource
win10v20210408
Malware Config
Extracted
trickbot
2000033
zem1
179.42.137.102:443
191.36.152.198:443
179.42.137.104:443
179.42.137.106:443
179.42.137.108:443
202.183.12.124:443
194.190.18.122:443
103.56.207.230:443
171.103.187.218:449
171.103.189.118:449
18.139.111.104:443
179.42.137.105:443
186.4.193.75:443
171.101.229.2:449
179.42.137.107:443
103.56.43.209:449
179.42.137.110:443
45.181.207.156:443
197.44.54.162:449
179.42.137.109:443
103.59.105.226:449
45.181.207.101:443
117.196.236.205:443
72.224.45.102:449
179.42.137.111:443
96.47.239.181:443
171.100.112.190:449
117.196.239.6:443
-
autorunName:pwgrabbName:pwgrabc
Targets
-
-
Target
legislate 09.21.doc
-
Size
69KB
-
MD5
24001fc51ff0994fe9c43b4653918f5e
-
SHA1
ae3b0439ed5fc269887d0094c8afac934e7d8980
-
SHA256
f0fc164d92dfb1e3890153984d931ced828bb68b7aa6126980aded29720aea70
-
SHA512
28c8d747b8e8d8629c192501cc418e42cf4fce94d77f03c67431bb985c48b152763afde1b178778b71dababe6a47a625c13cad3b865465b935866b5bf0df42fa
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-