General
Target: Order.802796810.doc
Size: 87KB
Sample: 210114-dstj2gsacj
MD5: b1c2a32cb28d07acc8b2d65ab2012db8
SHA1: 3ac3123decd86944a576227554edbcbb3d62aa58
SHA256: 6951461b231a0f4f2ee086768d3e5e79b30dd68efd55da80997d73c160e6ddce
SHA512: e459e361501efa4f1c22748a0715c0e78af58690e207e08e40bbe739e002b3b9e10207987345e907559069f0866aca03e4080fe69eb0fa722ef03179dd292430
Behavioral task
Task: behavioral1
Sample: Order.802796810.doc
Resource: win7v20201028
Malware Config
Extracted URLs:
http://mail.kyojinconduits.com/jhgun753.zip
http://accuratebc.gr/e0lw3t.zip
http://tumkuv.org.tr/zd8dxb2u.zip
http://theworldofjacob.com/cjsomlo.zip
http://e-macom.com.br/cl35e0.zip
http://legion.seriesnow.website/q33rv2.zip
Extracted family: dridex
Botnet: 10555
C2:
221.126.244.72:443
195.231.69.151:3889
157.7.166.26:5353
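The configuration above is a ready-made indicator set: six payload download URLs and three Dridex C2 endpoints. The following is an added example (not part of the sandbox report or of any Dridex tooling) that loads those indicators into lookup sets and runs them over a handful of constructed DNS, proxy and firewall log lines. The log line layouts, the regexes that parse them and the sample client addresses are assumptions for illustration; the indicator values themselves are copied verbatim from the report.

```python
"""IOC matcher built from the extracted configuration in this report.

Added example, not code from the report or from any vendor. The log formats
below are constructed for illustration; adapt the regexes to your own source.
"""
import re
from urllib.parse import urlparse

# Indicators copied from the extracted config in this report.
PAYLOAD_URLS = [
    "http://mail.kyojinconduits.com/jhgun753.zip",
    "http://accuratebc.gr/e0lw3t.zip",
    "http://tumkuv.org.tr/zd8dxb2u.zip",
    "http://theworldofjacob.com/cjsomlo.zip",
    "http://e-macom.com.br/cl35e0.zip",
    "http://legion.seriesnow.website/q33rv2.zip",
]
DRIDEX_C2 = ["221.126.244.72:443", "195.231.69.151:3889", "157.7.166.26:5353"]


def build_iocs(urls=PAYLOAD_URLS, c2=DRIDEX_C2):
    """Return lookup sets: full URLs, hostnames, (ip, port) pairs and bare C2 IPs."""
    hosts = {urlparse(u).hostname.lower() for u in urls}
    ip_ports = set()
    for entry in c2:
        ip, port = entry.rsplit(":", 1)
        ip_ports.add((ip, int(port)))
    return {
        "urls": set(urls),
        "hosts": hosts,
        "c2": ip_ports,
        "c2_ips": {ip for ip, _ in ip_ports},
    }


# Constructed log layouts (assumed, not from any real product):
#   <ts> dns query=<name> client=<ip>
#   <ts> proxy src=<ip> url=<url> status=<code>
#   <ts> fw src=<ip>:<port> dst=<ip>:<port> action=<allow|deny>
DNS_RE = re.compile(r"dns query=(?P<name>\S+)")
PROXY_RE = re.compile(r"proxy src=(?P<src>\S+) url=(?P<url>\S+)")
FW_RE = re.compile(r"fw src=\S+ dst=(?P<ip>[\d.]+):(?P<port>\d+)")


def match_line(line, iocs):
    """Return a list of (indicator_type, indicator) hits for one log line."""
    hits = []
    if m := DNS_RE.search(line):
        name = m.group("name").rstrip(".").lower()  # strip trailing dot of FQDN
        if name in iocs["hosts"]:
            hits.append(("dns_host", name))
    if m := PROXY_RE.search(line):
        url = m.group("url")
        host = (urlparse(url).hostname or "").lower()
        if url in iocs["urls"]:
            hits.append(("payload_url", url))
        elif host in iocs["hosts"]:
            # Same host, different path: still worth a look (rotated payload name).
            hits.append(("payload_host", host))
    if m := FW_RE.search(line):
        ip, port = m.group("ip"), int(m.group("port"))
        if (ip, port) in iocs["c2"]:
            hits.append(("dridex_c2", f"{ip}:{port}"))
        elif ip in iocs["c2_ips"]:
            # C2 IP on an unlisted port: lower confidence, but do not drop it.
            hits.append(("dridex_c2_ip_other_port", f"{ip}:{port}"))
    return hits


def scan(lines, iocs=None):
    """Run every line through match_line; return {line_number: hits} for hits only."""
    iocs = iocs or build_iocs()
    results = {}
    for n, line in enumerate(lines, 1):
        hits = match_line(line, iocs)
        if hits:
            results[n] = hits
    return results


# Constructed sample log lines (client IPs and timestamps are made up).
SAMPLE_LOGS = [
    "2021-01-14T10:02:11Z dns query=mail.kyojinconduits.com. client=10.0.0.15",
    "2021-01-14T10:02:12Z proxy src=10.0.0.15 url=http://mail.kyojinconduits.com/jhgun753.zip status=200",
    "2021-01-14T10:02:40Z fw src=10.0.0.15:49812 dst=195.231.69.151:3889 action=allow",
    "2021-01-14T10:03:01Z fw src=10.0.0.15:49813 dst=221.126.244.72:8443 action=deny",
    "2021-01-14T10:05:00Z proxy src=10.0.0.22 url=http://example.com/index.html status=200",
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOGS).items():
        print(n, hits)
```

Matching on hostname as well as on the full URL matters because these droppers rotate the zip filename far more often than the compromised host; matching a C2 IP on a different port is reported at lower confidence rather than discarded, since the port list in a config extraction is only what that one sample carried.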
Targets
Target: Order.802796810.doc (size and hashes as listed under General)
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in System32 directory
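The first signature is the one worth turning into a host-side detection: a Word document whose macro runs leaves a process-creation event with WINWORD.EXE as the parent and something Word has no business starting as the child. The report does not name the child process, so the added example below (my own code, not the sandbox's signature logic) uses the generic form of the rule: flag any child of an Office host that is not on a short allowlist, and rate known LOLBins higher. The event layout mimics Sysmon Event ID 1 fields, and the events, the allowlist and the high-risk list are constructed assumptions to be tuned per environment.

```python
"""Detection for 'Process spawned unexpected child process' with an Office parent.

Added example, not the sandbox's own signature. Records mimic Sysmon Event ID 1
field names; all events below are constructed for illustration.
"""
import ntpath

# Office host processes that should almost never spawn arbitrary children.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children Word legitimately starts (assumed list; extend for your estate).
ALLOWED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}
# Living-off-the-land binaries typical of macro droppers (assumed list).
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
}


def _basename(image):
    """Windows path -> lowercase file name, regardless of the host OS."""
    return ntpath.basename(image).lower()


def classify(event):
    """Return None (benign), 'suspicious' or 'high' for one process-creation event."""
    parent = _basename(event["ParentImage"])
    child = _basename(event["Image"])
    if parent not in OFFICE_PARENTS or child in ALLOWED_CHILDREN:
        return None
    return "high" if child in HIGH_RISK_CHILDREN else "suspicious"


def detect(events):
    """Return (pid, parent, child, severity) for every event that trips the rule."""
    alerts = []
    for ev in events:
        sev = classify(ev)
        if sev:
            alerts.append((ev["ProcessId"], _basename(ev["ParentImage"]),
                           _basename(ev["Image"]), sev))
    return alerts


# Constructed process-creation events (paths and PIDs are made up).
SAMPLE_EVENTS = [
    {"ProcessId": 4012, "Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe"},                      # user opens the doc
    {"ProcessId": 4388, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"},  # macro -> cmd
    {"ProcessId": 4400, "Image": r"C:\Windows\splwow64.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"},  # print helper
    {"ProcessId": 4500, "Image": r"C:\Users\Public\update.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"},  # unknown child
    {"ProcessId": 4600, "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},                      # not an Office parent
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Matching on the basename alone keeps the rule robust to different Office install paths, but it also means a renamed binary in a user-writable directory is only rated "suspicious"; pairing this with the later signatures in the report (a dropped DLL being loaded, a file written under System32) is what raises confidence from "odd child" to "macro dropper".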