General
Target: Report 290.xls
Size: 730KB
Sample: 210114-tdc452exa2
MD5: 59539fde938ac6da898bd587f1850c96
SHA1: 2fb5d4ffe1a88cffe59463ac2e7e3996574b1556
SHA256: 137bdd679664e951ea9c919cb447b64d6d24251c406350e78471c1d589f12706
SHA512: 2ba1a2c5063a7bdab49c4c4f54d637658fe627b4150e0878cdae469811d3a289b6ac07aa7fd7eb02b27ebb64c4e2461712be6b116bba41fdba1e042d1bd2c3b9
Static task: static1
Behavioral task: behavioral1
Sample: Report 290.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Report 290.xls
Resource: win10v20201028
Malware Config
Extracted: dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.