General
Target: Inv.Docum_323925335.doc.zip
Size: 46KB
Sample: 201209-lpl67ry54n
MD5: d9fa1bfce0b902a7f0d10c5979c34be7
SHA1: 1b24b85098bf54607087e35b744911f2e827c6d5
SHA256: 2b8b585d0084b819ea6bee74f896613e1d742bbac10a661c3097cf60e3ebd879
SHA512: 446064babec598e2a1c071ddf8b816569fcf75e398d67882ac195a8bbea0c257f6509558d043b146e5f68f555555042f8352776f3d1e9b48bb72770130692d4e
Static task: static1
Behavioral task: behavioral1
Sample: Inv.Docum_323925335.doc
Resource: win7v20201028

Malware Config
Extracted:
Extracted: dridex
10555
104.131.164.93:443
46.101.90.205:4643
27.254.174.84:4443
92.94.251.127:3786

Targets
Target: Inv.Docum_323925335.doc
Size: 125KB
MD5: 5c444e90c7b3b1175aa3f4bf033d2ef5
SHA1: 66736c8bf74de6e40050f18054df455efd7ec060
SHA256: 7b489dd3122109c2d71b1ddfd04a0254dbaffe9585da9281c1c8d09c7051c10e
SHA512: c9f3ce7123495adda27949079c32119336dc220cd3772b12de1d4d97ac16b0f86f2f29a9a28664db5abfa3d7ceb74c3bc7b23f38bb1520d4e7e403f9e3fefdd2

Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory