General
Target
Documentation_N00467290036012021.pdf.zip
Size
1.1MB
Sample
210112-9jksgnsa3e
MD5
b7dd1db964e41fa6b46acfc0bb65be01
SHA1
5e7d09beec0403626403c4405a2ea428282475f4
SHA256
c2016951e9a42f4d1edb3a844555d80b556cf933e72d86edee71640300fb389e
SHA512
a89ccc00251a12be2e377d64d6e7ceb30965ae52ad3ec36eed66360e97f6f6d87a0e6d5ed4e2e381477872a07f0e4fd773dd028a530b94671d42537461674e04
Static task
static1
Behavioral task
behavioral1
Sample
Documentation_N00467290036012021.pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Documentation_N00467290036012021.pdf.exe
Resource
win10v20201028
Malware Config
Extracted
http://pecas24.mypart.pt/l0sjk3o.dll
Extracted
dridex
10555
77.220.64.37:443
80.86.91.27:3308
5.100.228.233:3389
46.105.131.65:1512
Targets
Target
Documentation_N00467290036012021.pdf.exe
Size
3.0MB
MD5
b5cf8e49c029675d46290cad39074fbb
SHA1
6248377675180077a96e8b9c112092183d7db6ac
SHA256
0908fcbd546e73f904740320a6491d834e5042f753e76c6facf5a201e64ec075
SHA512
de1485686c1386c58571da771527a207bb500968c095961a102c3b754975fee7696debd0f1435bd99f6d020a0e570be8a5a5da7bd95be51d63f88bcbea0fe3f9
Score 10/10
Blocklisted process makes network request
Loads dropped DLL
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.