General
Target
Statement of Account as of_01_20_2021.xlsm
Size
33KB
Sample
210120-4wfk4h8c56
MD5
246c352d27fb02c6daf4bb28647b285f
SHA1
d89273f381711142b75bbb495a876a636b674050
SHA256
4840443a33395062157663a7c4867ee0fcf045db025470b700da29fba3ef65d9
SHA512
abff3849ebd2c7d0de84734cedb9c4c14868db8d9cb2cff03e3bb4a08d69987304dcab26788b8da522d862c4aaa23ea2c641249167f47d9d57892d9f293bd4b8
Behavioral task
behavioral1
Sample
Statement of Account as of_01_20_2021.xlsm
Resource
win7v20201028
Malware Config
Extracted
dridex
10444
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Loads dropped DLL