General
Target: PDF#439904575.doc
Size: 111KB
Sample: 201103-p5p5pwa1wx
MD5: 8f33e15e96940e973730a2f9e14bea01
SHA1: e60e1440917d9964db4b4baec525516b5b5255a9
SHA256: c8a95eea1d734b39f042f0e2896111802e82621f6d5759e57420ccb03a07964b
SHA512: fea98a4a4b928bb701dd9cd7f28926ff6b8d80e60610796add510768761bb53a390808da4ee46c13a983f89bcf63eef2778d25deda480ca5f447e46ee05712e2
Static task: static1
Behavioral task: behavioral1
Sample: PDF#439904575.doc
Resource: win7v20201028
Malware Config
Extracted URLs
https://nuwvbfigh0bnuwvbfigh0b.belchem.com/oiy2t6jt.rar
http://www.admin.halaladvisor.com.au/ggvopq.rar
http://viviangray.uzor.group/j5zspe.zip
https://egitim.osgbpro.com/zze6enps.zip
https://pop.xpleomedia.com/nival5t35.rar
https://electronlab.org/zudt9vey3.rar
http://investmentevening.fisherdugmore.co.za/t6qmxn.zip
Extracted config
Family: dridex
Botnet: 10555
C2: 195.154.237.245:443
C2: 46.105.131.73:8172
C2: 91.238.160.158:18443
C2: 213.183.128.99:3786
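The two Extracted blocks are the actionable part of this report: seven archive download URLs and a Dridex C2 list pinned to exact ports. The following is an added example (not part of the sandbox report or its tooling) that parses that config dump as printed above into IOCs and matches them against egress logs. The config values are the report's; the key=value log lines are constructed for illustration, as is the severity scheme (exact ip:port or download host = high, C2 address on another port = low).

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The Malware Config block as the report prints it (values are the report's;
# only the layout is reproduced so the parser has realistic input).
EXTRACTED_CONFIG = """\
Extracted
https://nuwvbfigh0bnuwvbfigh0b.belchem.com/oiy2t6jt.rar
http://www.admin.halaladvisor.com.au/ggvopq.rar
http://viviangray.uzor.group/j5zspe.zip
https://egitim.osgbpro.com/zze6enps.zip
https://pop.xpleomedia.com/nival5t35.rar
https://electronlab.org/zudt9vey3.rar
http://investmentevening.fisherdugmore.co.za/t6qmxn.zip
Extracted
dridex
10555
195.154.237.245:443
46.105.131.73:8172
91.238.160.158:18443
213.183.128.99:3786
"""

IP_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
KV = re.compile(r"(\w+)=(\S+)")


def parse_config(text):
    """Split the report's config dump into URL IOCs and Dridex C2 endpoints."""
    iocs = {"urls": [], "hosts": set(), "family": None, "botnet": None, "c2": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Extracted":       # section marker, not an IOC
            continue
        m = IP_PORT.match(line)
        if line.startswith(("http://", "https://")):
            iocs["urls"].append(line)
            iocs["hosts"].add(urlsplit(line).hostname.lower())
        elif m:
            ip, port = m.group(1), int(m.group(2))
            ipaddress.ip_address(ip)              # reject malformed octets early
            iocs["c2"].append((ip, port))
        elif line.isdigit():                      # Dridex botnet ID
            iocs["botnet"] = int(line)
        elif line.isalpha():                      # family name
            iocs["family"] = line
    return iocs


# Constructed egress log lines in key=value form (not from the sandbox run).
SAMPLE_LOGS = [
    "ts=2020-11-03T09:12:01Z src=10.0.3.41 proto=http host=www.admin.halaladvisor.com.au uri=/ggvopq.rar",
    "ts=2020-11-03T09:12:07Z src=10.0.3.41 proto=tcp dst=46.105.131.73 dport=8172",
    "ts=2020-11-03T09:12:09Z src=10.0.3.42 proto=tcp dst=195.154.237.245 dport=80",
    "ts=2020-11-03T09:13:00Z src=10.0.3.43 proto=http host=example.org uri=/index.html",
]


def find_hits(log_lines, iocs):
    """Return (severity, reason, line) for every log line touching an IOC.

    A download-host match and an exact C2 ip:port match are high confidence.
    A C2 address seen on a different port is reported as low confidence: the
    config pins the port, and a hosting IP can carry unrelated tenants.
    """
    c2_exact = set(iocs["c2"])
    c2_addrs = {ip for ip, _ in iocs["c2"]}
    hits = []
    for line in log_lines:
        f = dict(KV.findall(line))
        host = f.get("host", "").lower()
        dst, dport = f.get("dst"), f.get("dport")
        if host in iocs["hosts"]:
            hits.append(("high", "download host %s" % host, line))
        elif dst and dport and (dst, int(dport)) in c2_exact:
            reason = "%s C2 %s:%s (botnet %s)" % (iocs["family"], dst, dport, iocs["botnet"])
            hits.append(("high", reason, line))
        elif dst in c2_addrs:
            hits.append(("low", "C2 address %s on unexpected port %s" % (dst, dport), line))
    return hits


if __name__ == "__main__":
    for sev, reason, line in find_hits(SAMPLE_LOGS, parse_config(EXTRACTED_CONFIG)):
        print(sev, reason, "<-", line)
```

The parser deliberately ignores anything that is not a URL, an ip:port pair, a bare integer or a bare word, so the "Extracted" section markers and any future fields do not break it; the port-sensitive match is the part worth copying, since a bare-IP blocklist on shared hosting produces noise while the exact endpoint from the config does not.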
Targets
Target: PDF#439904575.doc
Signatures
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
  A process that is not expected to originate network traffic made an outbound request during the run.
- Loads dropped DLL
  A DLL written to disk during the run was subsequently loaded into a process.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system; malware commonly does this to profile the host before fetching or unpacking the next stage.
- Drops file in System32 directory
  A file was written under the Windows System32 directory, which normally requires elevated rights.
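The first signature is the one most worth turning into a standing detection: an Office application creating a child it has no business creating. Below is an added example (not from the sandbox report) that applies that rule to process-creation telemetry in the shape Sysmon Event ID 1 or an EDR would supply. The report names the document but not the child, so the event records, the parent/child allowlists and the severity scheme are constructed assumptions a team would tune to its own environment.

```python
from collections import namedtuple

# One process-creation record (Sysmon Event ID 1 style); constructed shape.
Event = namedtuple("Event", "ts parent_image image command_line")

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children Office spawns in normal use (assumed list; tune to your fleet).
EXPECTED_CHILDREN = {"splwow64.exe", "msosync.exe", "ai.exe", "werfault.exe", "dw20.exe"}
# Script hosts and proxy-execution binaries: high severity under an Office parent.
LOLBIN_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
                   "msiexec.exe", "bitsadmin.exe"}
# Locations a document should never launch an executable from.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


def basename(path):
    """Lower-cased file name of a Windows path (tolerates forward slashes)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Return (severity, reason) for an Office child worth alerting on, else None."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent not in OFFICE_PARENTS or child in EXPECTED_CHILDREN:
        return None
    if child in LOLBIN_CHILDREN:
        return ("high", "%s spawned script/proxy host %s" % (parent, child))
    if any(part in ev.image.lower() for part in USER_WRITABLE):
        return ("high", "%s launched binary from user-writable path %s" % (parent, ev.image))
    return ("medium", "%s spawned unexpected child %s" % (parent, child))


def detect(events):
    """Run classify() over an event stream and collect alerts in arrival order."""
    alerts = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            alerts.append((verdict[0], verdict[1], ev.ts, ev.command_line))
    return alerts


# Constructed telemetry (not from the sandbox run): the document name is the
# report's, the children and paths are illustrative.
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
SAMPLE_EVENTS = [
    Event("09:11:58", r"C:\Windows\explorer.exe", OFFICE + r"\WINWORD.EXE",
          r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\PDF#439904575.doc"'),
    Event("09:12:00", OFFICE + r"\WINWORD.EXE", r"C:\Windows\splwow64.exe", "splwow64.exe"),
    Event("09:12:01", OFFICE + r"\WINWORD.EXE", r"C:\Windows\System32\rundll32.exe",
          r"rundll32.exe C:\Users\alice\AppData\Local\Temp\stage2.dll,DllRegisterServer"),
    Event("09:12:05", OFFICE + r"\EXCEL.EXE", r"C:\Users\alice\AppData\Local\Temp\update.exe",
          "update.exe"),
    Event("09:12:30", OFFICE + r"\WINWORD.EXE", r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for sev, reason, ts, cmd in detect(SAMPLE_EVENTS):
        print(ts, sev, reason, "|", cmd)
```

Three tiers keep the rule useful rather than noisy: a known allowlist of benign children is dropped silently, script and proxy-execution hosts or anything launched from a user-writable directory go out at high severity, and everything else is logged at medium so a new legitimate helper can be added to the allowlist instead of being ignored.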