General
Target: Detailed 079.xls
Size: 700KB
Sample: 210114-m2673k9s5j
MD5: f701a2158fc4a868d23a084343462fd0
SHA1: ebe1522c21f37590b6e2f2b7a04a79fd52de028f
SHA256: 08a4f7ec8149e54ab39741f32f4f877257c5bc3cb1473b7cca0c86b58f0abcf2
SHA512: bcdd7fc4652d5f272480f92b974f3130b72af0923cc0c4299fcb8c2d0fc4acc4b232a0aeff130db902928ba82810804ff894149bfd74de1283e76554fd60f4f0
Static task: static1
Behavioral task: behavioral1
Sample: Detailed 079.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Detailed 079.xls
Resource: win10v20201028
Malware Config
Extracted: dridex
Botnet: 111
C2:
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target: Detailed 079.xls
Size: 700KB
MD5: f701a2158fc4a868d23a084343462fd0
SHA1: ebe1522c21f37590b6e2f2b7a04a79fd52de028f
SHA256: 08a4f7ec8149e54ab39741f32f4f877257c5bc3cb1473b7cca0c86b58f0abcf2
SHA512: bcdd7fc4652d5f272480f92b974f3130b72af0923cc0c4299fcb8c2d0fc4acc4b232a0aeff130db902928ba82810804ff894149bfd74de1283e76554fd60f4f0
Score: 10/10
Signatures:
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
JavaScript code in executable
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.