General
Target: INV3853544448-20210315515345.xlsm
Size: 40KB
Sample: 210315-7l5y58b1ya
MD5: fbdc93eba3d85daa84b15b534d01ad86
SHA1: b60035635c6dabd34f35ed5729df7ada641d51d3
SHA256: 6e4dd80fc7a0b4a9ccb96d35ea609227f1e89274b3836f424d9ecbb43791c75d
SHA512: 5b777f564c35d04de6faae13993fdad2f6ec2a95c4922488cd47e752b7643f0ea74f43693c8944ba4544fc4eaa4b87fd7196a1c9996c8fd21d166c4f14258a3a
Behavioral task: behavioral1
Sample: INV3853544448-20210315515345.xlsm
Resource: win7v20201028
Malware Config
Extracted
dridex
10444
210.65.244.184:443
147.78.186.4:10051
62.75.168.152:6601
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Loads dropped DLL

Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.