General
Target: fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6.zip
Size: 36KB
Sample: 210315-18a3nnhew2
MD5: 3c0c3aa7d3088acb2825410e2c58cf3f
SHA1: af4bdfd2459a0a51de1dd68300832018be8637d0
SHA256: 1be3b8b888ba3b946304bd262319fa5fca0f8d41bde9850842e978a4fdcef808
SHA512: 632bbae02aebabb11474614488f36095ef425bb3162e87e6282835a45142149c26c7037b43bf7534df1ca877ac22d4ebff4483445841096269ccd590fd1726f8
Behavioral task
behavioral1
Sample: fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6.xlsm
Resource: win7v20201028
Malware Config
Extracted
dridex
10444
210.65.244.184:443
147.78.186.4:10051
62.75.168.152:6601
Targets
Target: fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6.xlsm
Size: 40KB
MD5: 1573b4ec83ac67af060289a37896b0c9
SHA1: b95d31d6b268f4382c438ba8cdb2d6fae9e23572
SHA256: fd2cc0c858b7b92b32d86f7bb8a48d56798667a2bc7e75fe44f074178ea3a0d6
SHA512: 925e02a2f062cf4732335b28765779973d6db9d89c52016326aef577b0e76ee07bb8beb386545f9551aa2e4c811f6d432c9dda90cfedc6e0ed72f042808fd3b9

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Loads dropped DLL

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.