General
Target: Inv_121314_42664.xlsm
Size: 26KB
Sample: 201102-1ldr4jfsyn
MD5: 1b109efade90ace7d953507adb1f1563
SHA1: e4eef787b94f80e5374a2058cafc6a37d3fa2c0f
SHA256: 2ec35da14989692e77df25d56c7b1d43a3e93a72ec2fc7cce67b2fa448744752
SHA512: 4c16f6fcbb91b7a75cf7f1b2bb9938aa4275c0954f9ec1a2b189e100b53e225d0bfb2ae95dd167a794a6e88feb8fece8d05c6ce8149ae975d34886cff32a937f
Static task: static1
Behavioral task: behavioral1
Sample: Inv_121314_42664.xlsm
Resource: win7v20201028
Malware Config
Extracted
dridex
10444
195.154.237.245:443
46.105.131.73:8172
91.238.160.158:18443
213.183.128.99:3786
Targets
Target: Inv_121314_42664.xlsm
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Loads dropped DLL