General
- Target: Subconract_1541.xls
- Size: 805KB
- Sample: 210114-7jczrbyez6
- MD5: 90501b4eda1eaacd5773c77717050e51
- SHA1: 31a5e6dab54af69ff3991af5f3c2e8fc83daf975
- SHA256: 0b110be9ae7f5755dad4e964cd94566a0252586a000feb669c5dd75b2307b214
- SHA512: dbc8a965d20aa95e9e3bfde5abcc274ef08b5210e5432f940ce2446a244b2eef19cb216bb4799537e39e6000b1083256cac7e64938a938fe09c6471fe557adf3
- Static task: static1
- Behavioral task: behavioral1 (Sample: Subconract_1541.xls, Resource: win7v20201028)
- Behavioral task: behavioral2 (Sample: Subconract_1541.xls, Resource: win10v20201028)
Malware Config
- Extracted: dridex
- 111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
- Target: Subconract_1541.xls
- Size: 805KB
- MD5: 90501b4eda1eaacd5773c77717050e51
- SHA1: 31a5e6dab54af69ff3991af5f3c2e8fc83daf975
- SHA256: 0b110be9ae7f5755dad4e964cd94566a0252586a000feb669c5dd75b2307b214
- SHA512: dbc8a965d20aa95e9e3bfde5abcc274ef08b5210e5432f940ce2446a244b2eef19cb216bb4799537e39e6000b1083256cac7e64938a938fe09c6471fe557adf3
- Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.