General
Target: sample20210120-01.xlsm
Size: 37KB
Sample: 210120-rwx3x68ryx
MD5: 54825e5a9b5da2c6d3e71155680a2c4d
SHA1: 98e7e3c303a0a6010b6c2bd1bbd64688eb8753a3
SHA256: 98b3fa8ad7143d6bfb754aeca00ded8ffe5789d7e4360f51841801906f5e5551
SHA512: d1c3e7bf1c2bf4acbebfa83c529a92ae2d6d64d76fa24716df5fc13578a9f6315cb09687eb556e8bcaab997be1744b6c7e1e8ac4e00f71b746397aff0acfe89f
Behavioral task
behavioral1
Sample: sample20210120-01.xlsm
Resource: win7v20201028
Malware Config
Extracted
dridex
10444
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-