General
-
Target
DHL_Billing_Invoice 1375130042.xlsm
-
Size
54KB
-
Sample
201118-p9j5wvl8r6
-
MD5
d36fe8561ddae6c583bf4a794ca2fa82
-
SHA1
29160334a39d5a42e493a0ceb4fe2615c5231842
-
SHA256
566dc4913b97ded117228c2850122e4761ec67dc44b304e29f2d5959318c7496
-
SHA512
5bfc5c8b0c97999bd4ebddffe106fd35eba31c64b9f6a577045d336338619f2b985229147a5dc2c06115895c55f218b3676bcaad6de823d0e6279d22ad0ccea1
Static task
static1
Behavioral task
behavioral1
Sample
DHL_Billing_Invoice 1375130042.xlsm
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DHL_Billing_Invoice 1375130042.xlsm
Resource
win10v20201028
Malware Config
Extracted
dridex
10444
162.241.44.26:9443
192.232.229.53:4443
77.220.64.34:443
193.90.12.121:3098
Targets
-
Target
DHL_Billing_Invoice 1375130042.xlsm
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Loads dropped DLL
-