General
Target: SecuriteInfo.com.VB.Heur.EmoDldr.32.DB37E181.Gen.3346.8842
Size: 724KB
Sample: 210120-fb3np2mtyj
MD5: 4bc306fa5912af1812d9232b6f1c540e
SHA1: c12b752ff9b700aac82b11242c53db061b1f0303
SHA256: 6dd691de8fde45048114ef90b481ca7160fe39ab182e727b073f3fda3e2f3259
SHA512: 41bb7e6947797822ceb181d4ac9b5a2c6e043e387a54844ff9c9e8c40533dc03218abb3c6fa36e635124e4c86f657699a0ff7278ee72d9d917b36f1d1640e076
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.VB.Heur.EmoDldr.32.DB37E181.Gen.3346.8842.xls
Resource: win7v20201028
Malware Config
Extracted
dridex
111
77.220.64.40:443
8.4.9.152:3786
185.246.87.202:3098
Targets
Target: SecuriteInfo.com.VB.Heur.EmoDldr.32.DB37E181.Gen.3346.8842
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.