General
-
Target
295323_BOL.xlsm
-
Size
35KB
-
Sample
210315-aj242766he
-
MD5
22c652771b8ce73627adc88d637929cf
-
SHA1
014cc86b4b1421daa675c34183b7aab2c8fb231b
-
SHA256
3a08a954b5420702dc1f57733dc238f9977c4dd2041749043ae3e48b36b638c6
-
SHA512
4d46118b15ec9f052aa091d3f1f33dcff01d95531b2fa69d7fdd4301ae080979d6bec3bfccdd5071570c4c1796e96684012e39912af08fcee443458e6667b778
Behavioral task
behavioral1
Sample
295323_BOL.xlsm
Resource
win7v20201028
Malware Config
Extracted
dridex
10444
210.65.244.184:443
147.78.186.4:10051
62.75.168.152:6601
Targets
-
Target
295323_BOL.xlsm
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-