General
-
Target
Inv5180494049.xlsm
-
Size
33KB
-
Sample
210311-kwgb5k5d2j
-
MD5
f685aa869cf29499b615dff5c4b5f9f8
-
SHA1
2d461fa264897b3edb0e5d79b5e7d76c2c5b62c6
-
SHA256
7c2dce53d23d62b45470c002311761fc35f78d2af8b0052dcdd0362206d986fa
-
SHA512
cdd8b60b0677fb024a546a0739e30c479ba0a58f8a48e47dc4103e24d8e835c99275230fabab3e1e921f83caf39afc305b998120c936d474a9789fd1e55c6868
Behavioral task
behavioral1
Sample
Inv5180494049.xlsm
Resource
win7v20201028
Malware Config
Extracted
dridex
10444
210.65.244.166:443
178.33.183.53:7443
157.7.139.198:6601
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-