General
-
Target
files_09.15.2021.doc
-
Size
68KB
-
Sample
210915-qx1nradgem
-
MD5
0a529d4c2ab5cdbafd2014562e25d10a
-
SHA1
6c19cb8f98ca9deb0fb0e06a080bec7f80be8e20
-
SHA256
c02297277ee3d2a8690fcb3f8ac09ee1b34b3a806cee94a31da1b8547592a4d1
-
SHA512
90ad1809ca5d5ef891f8d3d23edcc9944d5f63c3c054518c8cba10927fbc3db9649aeab4ab1f2f036900ba38ddd9e27931aa77ec160c4c1f01a34ed63d6aaf45
Behavioral task
behavioral1
Sample
files_09.15.2021.doc
Resource
win7-en
Malware Config
Extracted
trickbot
2000033
zev4
179.42.137.102:443
191.36.152.198:443
179.42.137.104:443
179.42.137.106:443
179.42.137.108:443
202.183.12.124:443
194.190.18.122:443
103.56.207.230:443
171.103.187.218:449
171.103.189.118:449
18.139.111.104:443
179.42.137.105:443
186.4.193.75:443
171.101.229.2:449
179.42.137.107:443
103.56.43.209:449
179.42.137.110:443
45.181.207.156:443
197.44.54.162:449
179.42.137.109:443
103.59.105.226:449
45.181.207.101:443
117.196.236.205:443
72.224.45.102:449
179.42.137.111:443
96.47.239.181:443
171.100.112.190:449
117.196.239.6:443
-
autorunName:pwgrabbName:pwgrabc
Targets
-
-
Target
files_09.15.2021.doc
-
Size
68KB
-
MD5
0a529d4c2ab5cdbafd2014562e25d10a
-
SHA1
6c19cb8f98ca9deb0fb0e06a080bec7f80be8e20
-
SHA256
c02297277ee3d2a8690fcb3f8ac09ee1b34b3a806cee94a31da1b8547592a4d1
-
SHA512
90ad1809ca5d5ef891f8d3d23edcc9944d5f63c3c054518c8cba10927fbc3db9649aeab4ab1f2f036900ba38ddd9e27931aa77ec160c4c1f01a34ed63d6aaf45
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-