General
Target: Invoice_Payment Form_163142.xlsm
Size: 51KB
Sample: 201123-wwz7bgzgln
MD5: 583fcbda6de9764fc9d5d2c21856a3ce
SHA1: 53b2b1303a2dd6c1f7ad7a5ea9de2838e79380d9
SHA256: 5d4fdf219371a9d83d31b7e21cd1103b309f124e36dc1a4790e052efe760990f
SHA512: 93f37f35fcc4e3d7b3540c8b01b00303d087984c87087529239ccf9eee20d5b32c3c13c6f93b8a912b29b2921dbda70b2f2d1b0445efd01bb6cb804f6f9f53b1
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_Payment Form_163142.xlsm
Resource: win7v20201028
Malware Config
Extracted
smokeloader
2020
http://penodux.com/xsmkld/index.php
http://tommusikirtyur.com/xsmkld/index.php
http://ploaernysannyer.com/xsmkld/index.php
http://dersmasfannyer.com/xsmkld/index.php
http://derdsgdannyer.com/xsmkld/index.php
Extracted
dridex
10444
175.126.167.148:443
173.249.20.233:8043
162.241.204.233:4443
138.122.143.40:8043
Targets
Target: Invoice_Payment Form_163142.xlsm
Executes dropped EXE
Loads dropped DLL