General
-
Target
Notice 0118.xls
-
Size
785KB
-
Sample
210114-mtrl9lxhl2
-
MD5
b1fecf61c2da48d2716df0cdfa0f01c0
-
SHA1
e821b5f8004a9668c7cc2feee02b0dc35d37cc27
-
SHA256
06cc3314ba8dbb16474ae45f254a9d90c103472a279698b7a05d83b09de4b734
-
SHA512
d1ef57d32cafcaba4d19e1deccc977fa8cb2ae6c4310dc754c27e2785dd1b7160a5bff7a4a3c90d703b87983a8a201be4c4976cefb23adf5ebac1ebab1067b6c
Static task
static1
Behavioral task
behavioral1
Sample
Notice 0118.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Notice 0118.xls
Resource
win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
-
Target
Notice 0118.xls
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
JavaScript code in executable
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-