General
-
Target
sample20210121-01.xlsm
-
Size
30KB
-
Sample
210121-11n55bmy1e
-
MD5
d89d70ee6809ef93910bfbf10c4caf94
-
SHA1
5e8d4db8464fd6d427d5987ae6cb017ceac13839
-
SHA256
55cbb43aad59d149ba4bc06684771b5d87a3f570da165437c4d07d442d4b8db7
-
SHA512
c5eb5a46edb4cf9a7eeeb7e945665f9091d2b536310d5e4de54d47fca8690821c28c004a4677daae1273911f8e60d467cd8424f2e7e23e12f20ac589bb6d5073
Behavioral task
behavioral1
Sample
sample20210121-01.xlsm
Resource
win7v20201028
Malware Config
Extracted
dridex
10444
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
Targets
-
Target
sample20210121-01.xlsm
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-