General
Target: Subconract_848.xls
Size: 785KB
Sample: 210114-p42lc23fla
MD5: 541f54e85e64235f5171da05a3898779
SHA1: feb4448f9ae957dbacb175ad9b5bda6f0a66c13d
SHA256: c08a0dd14c4a913989af9b24e5b18e5a8f1b9b4bce8e7906aea0def230cf3780
SHA512: 192ba986fe2c3df5119fbae11ca1760f185a6c47e93cc597321290076782ea87df9019350195112321ab6ab39f82421a70ec3cec1bb298035a170e0156e1903d
Static task: static1
Behavioral task: behavioral1 (Sample: Subconract_848.xls, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Subconract_848.xls, Resource: win10v20201028)
Malware Config
Extracted: dridex
111
C2 addresses:
- 52.73.70.149:443
- 8.4.9.152:3786
- 185.246.87.202:3098
- 50.116.111.64:5353
Targets
Target: Subconract_848.xls
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.