Analysis of latest Trickbot malware sample - served in excel attachment

Twitter link:

The malware sample of trickbot was already submitted in the anyrun online sandbox for malware analysis.




We collected this malware sample and performed a manual analysis. The file details are:


Searched this hash in the VirusTotal for detection hits:


File name: Unpaid_invoice_1462.xls

File size: 109.5 KB
SHA256: 9e777e1e2e80909b5054c1eca935edc7046feb7d4546f40d392549e2f481d08e
MD5: 1f38f17810621dbff93a4e8cbd2ea1bf

This excel embedded with a macro that connects to a suspicious URL. We executed the malware in our VM, it prompts to enable the macro. After enabling, it to try to connect the following Link:

URL: pnxkntdl(.)xyz/KJSDBViad7

Currently, it didn’t download any other payloads.



Post made by

Comments

Popular Posts