General
Target: Confidential_123.xls
Size: 718KB
Sample: 210114-lr6jdaya4n
MD5: fcd41b38e1a97fa769c5a9383b3652da
SHA1: bf5e3db26379cbc9dab2256d87a84c78f222e56e
SHA256: b4fa49afb10b8ceb2cbf7c422be2c024be8f298988da16d436df0a136ece5bf3
SHA512: dd2304b7c79dc2b6f631dd004c45cb19be66a51f5124b3a1441ff3fb173497421b52777bbeb7fa240edc722bece2a364252c0ca14e535ff4ce6ffc213442eb56
Static task: static1
Behavioral task: behavioral1
  Sample: Confidential_123.xls
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Confidential_123.xls
  Resource: win10v20201028
Malware Config
Extracted family: dridex
Botnet ID: 111
C2 addresses:
  52.73.70.149:443
  8.4.9.152:3786
  185.246.87.202:3098
  50.116.111.64:5353
Score: 10/10
Signatures:
  Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
  Blocklisted process makes network request
  Loads dropped DLL
  JavaScript code in executable
  Enumerates physical storage devices
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.