General
-
Target
INV_369730_2393121046005.xls
-
Size
57KB
-
Sample
210401-3lzjtal71e
-
MD5
f6ed1fc605203ca75f5d3e4cdf9c8f4d
-
SHA1
0c424cb3ed68823affe5f7163d18e00d47569c0e
-
SHA256
bb881851c401f18651d160438cc157a01d27640b081b7b8c909b222986948682
-
SHA512
e6c315c9a057a2456fa0885c95a79bc0eb2006bc1f4f650675fa86fd59aa386c37e0ce1c0aed38edbf4a5c573b3ee2f30ce018a141cb1bd6f94a2a50ff2bc022
Static task
static1
Behavioral task
behavioral1
Sample
INV_369730_2393121046005.xls
Resource
win7v20201028
Malware Config
Extracted
Extracted
dridex
10444
131.100.24.215:443
210.65.244.174:6601
195.201.199.53:2303
Targets
-
-
Target
INV_369730_2393121046005.xls
-
Size
57KB
-
MD5
f6ed1fc605203ca75f5d3e4cdf9c8f4d
-
SHA1
0c424cb3ed68823affe5f7163d18e00d47569c0e
-
SHA256
bb881851c401f18651d160438cc157a01d27640b081b7b8c909b222986948682
-
SHA512
e6c315c9a057a2456fa0885c95a79bc0eb2006bc1f4f650675fa86fd59aa386c37e0ce1c0aed38edbf4a5c573b3ee2f30ce018a141cb1bd6f94a2a50ff2bc022
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-