General
Target: Statement of Account as of 01_20_2021.xlsm
Size: 37KB
Sample: 210120-azhrsp84v2
MD5: 28e9c78dcffb4a80c7bcfcd818791940
SHA1: 0f239865c9e2bdd64d2017c7d26cac19dc7d3cde
SHA256: 09cceb619174c99d026734f860f26cda0107af31b9153a9f7d6613c86fd57772
SHA512: 082d84c5d6b4442f0c6d10231c0368e74906a62348aaf7bb070a602695f9420abc3aa2cce28dfeaaaae784ba7e96a8008ab9e9d5bd6f2a5dfb591e8c8f5729fc
Behavioral task
behavioral1
Sample
Statement of Account as of 01_20_2021.xlsm
Resource
win7v20201028
Malware Config
Extracted
dridex
10444
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
Targets
Target
Statement of Account as of 01_20_2021.xlsm
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-