Twitter link:
A Trickbot malware sample had already been submitted to the ANY.RUN online sandbox for malware analysis.
We collected this malware sample and performed a manual analysis. The file details are:
File name: Unpaid_invoice_1462.xls
File size: 109.5 KB
SHA256: 9e777e1e2e80909b5054c1eca935edc7046feb7d4546f40d392549e2f481d08e
MD5: 1f38f17810621dbff93a4e8cbd2ea1bf
We searched for this hash on VirusTotal for detection hits.
This Excel file has an embedded macro that connects to a suspicious URL. When we executed the malware in our VM, it prompted us to enable the macro. After the macro was enabled, it tried to connect to the following link:
URL: pnxkntdl(.)xyz/KJSDBViad7
At the time of analysis, it did not download any other payloads.
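To check whether any host contacted this URL, the defanged indicator above can be normalised and matched against web proxy logs. The following is an added example, not part of the original analysis; the log format (timestamp, source IP, method, URL, status) and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DEFANGED_IOC = "pnxkntdl(.)xyz/KJSDBViad7"  # exactly as published in the post

def refang(indicator):
    """Undo common defanging styles: (.) [.] {.} [dot] and hxxp://."""
    s = re.sub(r"[\[({]\s*(?:\.|dot)\s*[\])}]", ".", indicator.strip(), flags=re.I)
    return re.sub(r"^hxxp", "http", s, flags=re.I)

def host_and_path(url):
    """Return (lower-cased host, path); accepts values with no scheme."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
    except ValueError:
        return "", ""
    return (parts.hostname or "").rstrip("."), parts.path

def find_hits(log_lines, indicator=DEFANGED_IOC):
    """Return (source_ip, kind) per matching request.

    kind is "url" when host and path both match, "host" when only the
    domain (or a subdomain of it) matches.
    """
    ioc_host, ioc_path = host_and_path(refang(indicator))
    if not ioc_host:
        return []  # indicator could not be parsed; match nothing
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # not in the assumed five-field format
        host, path = host_and_path(fields[3])
        if host == ioc_host or host.endswith("." + ioc_host):
            hits.append((fields[1], "url" if path == ioc_path else "host"))
    return hits

def sample_log():
    """Constructed proxy lines: timestamp, source IP, method, URL, status."""
    host, path = host_and_path(refang(DEFANGED_IOC))
    return [
        f"2020-01-01T09:00:01Z 10.0.0.21 GET http://{host.upper()}{path} 200",
        f"2020-01-01T09:00:05Z 10.0.0.21 CONNECT {host}:443 200",
        f"2020-01-01T09:00:09Z 10.0.0.34 GET http://not{host}/index.html 200",
        "2020-01-01T09:00:12Z 10.0.0.34 GET http://example.com/KJSDBViad7 200",
    ]

if __name__ == "__main__":
    for src, kind in find_hits(sample_log()):
        print(src, kind)
```

A "url" hit means the macro's exact request was seen from that source; a "host" hit only shows contact with the domain and needs further review.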