General
Target: Order.862393485.doc
Size: 124KB
Sample: 201208-695whb5gy6
MD5: 6680b904d6e55ea0969120e71ce09b62
SHA1: 924a596b6bb5280bebc08245d89f75c1fe0f319c
SHA256: bfa9bd81b48fbbe69d7525456c074b272634b20c7249f4c562a993c4ffbde0d6
SHA512: c37059bbefa0727571526925f98de3e5f63a961a68d8c43d3c410ac89ce41c42e1af2d4442f9fc36cd2eaa8cee04580a9dc4c823e970df0c8e70eac5551fa5aa
Static task: static1
Behavioral task: behavioral1
Sample: Order.862393485.doc
Resource: win7v20201028
Malware Config
Extracted
dridex
10555
104.131.164.93:443
46.101.90.205:4643
27.254.174.84:4443
92.94.251.127:3786
Targets
Target: Order.862393485.doc
Size: 124KB
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory