General
-
Target
758aea45863df23a85e149cf6897de2cdacebaa54a0327508e32cd5930f6281a
-
Size
212KB
-
Sample
220317-rrckeacbhn
-
MD5
0050b774daa71519ff1d0d658704a2ea
-
SHA1
1737e1583e9680a792d11b2eabdc2d341f2c3582
-
SHA256
eab9da3018447f4f9e21269e35fd72c307eb14a84f104282c4b26369754ffc03
-
SHA512
3d37f44d61f58e9c8faaf440f5c8246c0cd69a92b28ecdae2c3cdaa8b1980a063a21ba8c7f90cb8118add79af2bc26828da692547461d764e9c726eb3863627e
Malware Config
Extracted
http://158.69.133.79/4261338944736620.dat
http://51.195.35.10/4261338944736620.dat
http://103.155.93.23/4261338944736620.dat
Extracted
http://158.69.133.79/656576667468870.dat
http://51.195.35.10/656576667468870.dat
http://103.155.93.23/656576667468870.dat
Targets
-
-
Target
DocumentIndex-1678751789-12232021.xlsb
-
Size
229KB
-
MD5
2040fdb27edda80b039b080ba3849411
-
SHA1
891be53bee0905c9b3db462ff8a2bfc8f32676a6
-
SHA256
9f4d488e727d9c94bffbf0db0f9f73dd7ffda4f07cc8a09a4b66c90bacba4c43
-
SHA512
07685100cbf8e8441a135dc3c7f55079ea1eadd460e5ab7398bd76873e31fc3fcc59c8f07cc9906ec3ee2a4f3dd1b013afe7bb6a01a3241ce672c9e1b97010ca
Score10/10-
BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Bazar/Team9 Backdoor payload
-