General
- Target: Fax 740.xls
- Size: 886KB
- Sample: 210114-k1dgpz4svx
- MD5: d7213d92bb25a6163ab3b79ba75f95a0
- SHA1: 9e7d2f00b517a32d2f69ac0c41e48d09507abf5b
- SHA256: 2f34e34033c25325694ee6e100e8b2c0deff78d0527acd72ebc598048ba74fe5
- SHA512: c57e459822b1463ed646824f74371ec518d09a710f41bc1022657794ec65a1eea2d404267543c076cd5e740d1e79238ddf43a3ed63463d7f7bf22e76de34d0a5
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: Fax 740.xls, Resource: win7v20201028)
- Behavioral task: behavioral2 (Sample: Fax 740.xls, Resource: win10v20201028)
Malware Config
- Extracted: dridex
- 111
- 52.73.70.149:443
- 8.4.9.152:3786
- 185.246.87.202:3098
- 50.116.111.64:5353
Targets
- Target: Fax 740.xls
- Score: 10/10

Signatures
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.