General
Target: Inv.Docum.559488870.doc
Size: 215KB
Sample: 201208-7fnyymrczs
MD5: 00a2b86ce0838d196772467738cbf883
SHA1: fd9d7e35c7b1ad644d1970bb6ac4e184171486f4
SHA256: 0144312afb25e3dbef3ef44e2802c3bbd93527eea90ea8d325c7e8193e57d9c4
SHA512: da97703e140912d396a950aad0a971fb6cd6e0f2e27d29a8009048b8cd29a9f3ee8c87e886dd460f915ada9235152168666c0556b148bfa4d9d306fe8eadeb3a
Static task: static1
Behavioral task: behavioral1
Sample: Inv.Docum.559488870.doc
Resource: win7v20201028
Malware Config
Extracted
Extracted
dridex
10555
104.131.164.93:443
46.101.90.205:4643
27.254.174.84:4443
92.94.251.127:3786
Targets
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory