General

Target: Payment form-976107909.doc
Size: 125KB
Sample: 201208-kact7an4d6
MD5: e5bba655925c16e96ca53ac03a5be3e0
SHA1: 0c0bae0188249370efe950627192f63929d02e64
SHA256: c71ee0a48c0b3f9447490e67c8fefa200785ece00e91a8c24036d230ac0c4b91
SHA512: 2c82fa4900ded1d5022ee0982060328cf3fe7f71800c8bbdd7fd6a3aa1df794a78d5ef66b1964c960ee1b9c9fd7c93a3129efa8330b531fa80fe04f98208df32
Static task: static1
Behavioral task: behavioral1
Sample: Payment form-976107909.doc
Resource: win7v20201028
Malware Config

Extracted (URLs):
https://mountainceramic.com/kx8vjddb.rar
http://siemensagent.com/ny2tqv.zip
https://final.makkahkmcc.com/shqay5y.rar
https://bhasinbrothers.com/cdy7qodb.rar
https://test.chongthamsika.com.vn/jl4gs4ar.zip
https://skvflexandoffset.in/igjkrk3.rar
http://weedcompare.co.uk/mkcy8uttq.zip
https://thisismycurrentproject.com/rtftdo.rar

Extracted (dridex):
Family: dridex
Botnet: 10555
C2:
104.131.164.93:443
46.101.90.205:4643
27.254.174.84:4443
92.94.251.127:3786
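The extracted URLs and C2 endpoints above are the indicators a responder would sweep for first. The following is an added example, not part of the original report: it normalises those indicators into lookup sets and runs constructed proxy-log lines and EDR-style connection events through them. The indicator values are copied from the report; the proxy-log format, client addresses, process names and the benign traffic are constructed for illustration.

```python
"""IOC matcher for the Dridex configuration above (added example)."""
from urllib.parse import urlsplit

# Indicators copied from the report.
DOWNLOAD_URLS = [
    "https://mountainceramic.com/kx8vjddb.rar",
    "http://siemensagent.com/ny2tqv.zip",
    "https://final.makkahkmcc.com/shqay5y.rar",
    "https://bhasinbrothers.com/cdy7qodb.rar",
    "https://test.chongthamsika.com.vn/jl4gs4ar.zip",
    "https://skvflexandoffset.in/igjkrk3.rar",
    "http://weedcompare.co.uk/mkcy8uttq.zip",
    "https://thisismycurrentproject.com/rtftdo.rar",
]
C2_ENDPOINTS = ["104.131.164.93:443", "46.101.90.205:4643",
                "27.254.174.84:4443", "92.94.251.127:3786"]


def build_indicators(urls=DOWNLOAD_URLS, endpoints=C2_ENDPOINTS):
    """Normalise indicators into sets: exact (host, path) URLs, bare hosts,
    exact (ip, port) C2 pairs and bare C2 IPs."""
    ind = {"urls": set(), "hosts": set(), "c2": set(), "c2_ips": set()}
    for u in urls:
        p = urlsplit(u)
        ind["hosts"].add(p.hostname)            # .hostname is lower-cased
        ind["urls"].add((p.hostname, p.path))   # scheme ignored on purpose
    for e in endpoints:
        ip, port = e.rsplit(":", 1)
        ind["c2"].add((ip, int(port)))
        ind["c2_ips"].add(ip)
    return ind


def classify_endpoint(ip, port, ind):
    """Exact ip:port beats IP-only; a known C2 IP on another port still matters."""
    if (ip, port) in ind["c2"]:
        return "c2_exact"
    if ip in ind["c2_ips"]:
        return "c2_ip"
    return None


def classify_url(url, ind):
    """Exact URL beats host-only; the same host with a rotated file name is
    still worth an alert, at lower confidence."""
    p = urlsplit(url)
    host = p.hostname or ""
    if (host, p.path) in ind["urls"]:
        return "payload_url"
    if host in ind["hosts"]:
        return "payload_host"
    return None


def check_proxy_line(line, ind):
    """Constructed log format: '<timestamp> <client> <method> <target> <status>'.
    For CONNECT only host:port is visible, so match it as an endpoint first
    and fall back to a host-only match."""
    _ts, client, method, target, _status = line.split()
    if method == "CONNECT":
        host, port = target.rsplit(":", 1)
        verdict = classify_endpoint(host, int(port), ind)
        if verdict is None and host.lower() in ind["hosts"]:
            verdict = "payload_host"
    else:
        verdict = classify_url(target, ind)
    return client, verdict


# Constructed sample data (not from the report).
PROXY_LOG = """\
2020-12-08T10:01:02Z 10.0.0.15 GET https://mountainceramic.com/kx8vjddb.rar 200
2020-12-08T10:01:03Z 10.0.0.15 GET http://siemensagent.com/other.zip 404
2020-12-08T10:01:04Z 10.0.0.22 GET https://example.org/index.html 200
2020-12-08T10:01:09Z 10.0.0.15 CONNECT 104.131.164.93:443 200
"""
CONNECTIONS = [
    {"process": "rundll32.exe", "dst_ip": "46.101.90.205", "dst_port": 4643},
    {"process": "chrome.exe", "dst_ip": "203.0.113.5", "dst_port": 443},
    {"process": "rundll32.exe", "dst_ip": "27.254.174.84", "dst_port": 80},
]


def scan(proxy_log=PROXY_LOG, connections=CONNECTIONS):
    """Return (source, verdict) pairs for every record that matched."""
    ind = build_indicators()
    hits = []
    for line in proxy_log.splitlines():
        client, verdict = check_proxy_line(line, ind)
        if verdict:
            hits.append((client, verdict))
    for ev in connections:
        verdict = classify_endpoint(ev["dst_ip"], ev["dst_port"], ind)
        if verdict:
            hits.append((ev["process"], verdict))
    return hits


if __name__ == "__main__":
    for src, verdict in scan():
        print(f"{verdict:13s} {src}")
```

Two caveats apply when using these indicators for real. The 443 endpoint will only show up in a proxy log as a CONNECT to the bare IP, which is why the matcher treats CONNECT targets as endpoints; the other three C2 ports are non-standard, so flow or firewall logs are the better source for them. The host-only match is deliberately lower confidence: the download hosts are compromised legitimate sites, and the file names rotate.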
Targets

Target: Payment form-976107909.doc (125KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures

- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
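The five signatures above are behavioural, so they can be reproduced on an endpoint telemetry stream rather than only in the sandbox. The following is an added example, not the sandbox's own signature code: it evaluates each signature over a constructed sequence of Sysmon-style events. The report does not name the child process, the dropped DLL or the file written to System32, so the process tree, paths and registry key in the sample events are constructed; the Office process set and the allowlist of expected Office children are assumptions.

```python
"""Behavioural signature evaluator for the report's signatures (added example)."""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}  # assumed blocklist
ALLOWED_OFFICE_CHILDREN = {"splwow64.exe"}                  # assumed allowlist
UNINSTALL_KEY = r"\microsoft\windows\currentversion\uninstall"
SYSTEM32 = "c:\\windows\\system32\\"


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(events):
    """Return (signature, pid) for every event that triggers one of the
    report's five signatures.  Signatures other than the child-spawn one are
    restricted to Office processes and their descendants, which keeps the
    Uninstall-key lookup from firing on every inventory agent."""
    image = {}        # pid -> image name
    tainted = set()   # Office processes and everything they spawned
    dropped = set()   # paths written by tainted processes
    alerts = []
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        if kind == "process":
            name = basename(ev["image"])
            image[pid] = name
            parent = ev["ppid"]
            if name in OFFICE_APPS or parent in tainted:
                tainted.add(pid)
            if image.get(parent) in OFFICE_APPS and name not in ALLOWED_OFFICE_CHILDREN:
                alerts.append(("Process spawned unexpected child process", pid))
            continue
        if pid not in tainted:
            continue
        if kind == "network" and image.get(pid) in OFFICE_APPS:
            alerts.append(("Blocklisted process makes network request", pid))
        elif kind == "file_create":
            path = ev["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32):
                alerts.append(("Drops file in System32 directory", pid))
        elif kind == "image_load" and ev["path"].lower() in dropped:
            alerts.append(("Loads dropped DLL", pid))
        elif kind == "registry" and UNINSTALL_KEY in ev["key"].lower():
            alerts.append(("Checks installed software on the system", pid))
    return alerts


# Constructed Sysmon-style events; the tree and paths are illustrative only.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 50, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 100, "ppid": 50,
     "image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"},
    {"type": "network", "pid": 100, "dst": "104.131.164.93:443"},
    {"type": "process", "pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "file_create", "pid": 200, "path": r"C:\Users\user\AppData\Local\Temp\stage2.dll"},
    {"type": "process", "pid": 300, "ppid": 200, "image": r"C:\Windows\System32\rundll32.exe"},
    {"type": "image_load", "pid": 300, "path": r"C:\Users\user\AppData\Local\Temp\stage2.dll"},
    {"type": "registry", "pid": 300,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "file_create", "pid": 300, "path": r"C:\Windows\System32\svchost32.dll"},
    # Benign activity outside the Office tree: must not alert.
    {"type": "process", "pid": 400, "ppid": 50, "image": r"C:\Program Files\Google\Chrome\chrome.exe"},
    {"type": "network", "pid": 400, "dst": "203.0.113.5:443"},
    {"type": "registry", "pid": 400,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
]

if __name__ == "__main__":
    for sig, pid in evaluate(SAMPLE_EVENTS):
        print(f"pid {pid}: {sig}")
```

The child-spawn check is the only one evaluated for every process, because a single Office process launching a shell is the highest-value signal and needs no further context. The other four are gated on lineage, which mirrors how the sandbox scopes its signatures to the analysed sample's process tree.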