General
Target
1 Total New Invoices-Thursday January 21 2021.xlsm
Size
30KB
Sample
210121-c211sd3f9a
MD5
a47b6adc87b8000c91a706d3c5ed540f
SHA1
5337c9cd3d3813178bd5e7d1e1334ab973bdbb3f
SHA256
fa8ed75cfc69a06cf1e809531f7371b5c75fd480339ae65568785b76387ceaa0
SHA512
4c703218126a95120b28b5679739eca637700e0847878b83a844f494434f5a05bb3ca739cbe4b8fd45e1fff42d4aaeaa4588a01c4c3f307284c94b1a79eda172
Behavioral task
behavioral1
Sample
1 Total New Invoices-Thursday January 21 2021.xlsm
Resource
win7v20201028
Malware Config
Extracted
dridex
10444
194.225.58.214:443
211.110.44.63:5353
69.164.207.140:3388
198.57.200.100:3786
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Loads dropped DLL