General
-
Target
Contract_#_599848.xls
-
Size
815KB
-
Sample
210114-83xfy3cvwa
-
MD5
82ee594ab9d12d0a00bf399beb7f4e1f
-
SHA1
5b58a1fefd63ca221b0eeca61b9378db25ae0eb1
-
SHA256
05b9806f446c71ca46bbddc10176bf28838430bbecb9545cc730fdb93b205476
-
SHA512
78b80fc1780c51f827ee6f71111b3b037ef0605cbe364b039e7746f6704759f9b1f2c725e7e5869bedf0a11dc9d41d21a9d527f8b2cffcd222818f7ac8651cc5
Static task
static1
Behavioral task
behavioral1
Sample
Contract_#_599848.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Contract_#_599848.xls
Resource
win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target
Contract_#_599848.xls
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
JavaScript code in executable
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.