General
Target: Information 714353.xls
Size: 698KB
Sample: 210114-lqrpwn7xee
MD5: cfb9c19b6be349c52e5d0d001f03ea85
SHA1: ec9d80d0d794643988faa894e25f9aa3345f45f4
SHA256: bae3d678224e6e93b486c9cc1c6918c7efd715b841f5cfa8e8c63cf520adbe9c
SHA512: 2ca9676dca76918a0bf4f85607a27914a9405081c621ad03d483495c4653e8075c46fb48cd0b1b5c9b58247d0b8136e7e539cf6acca740d9c329f8f3e395303c
Static task: static1
Behavioral task: behavioral1
Sample: Information 714353.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Information 714353.xls
Resource: win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target: Information 714353.xls
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

JavaScript code in executable

Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.