General
Target
export of document 342612.xlsm
Size
83KB
Sample
210505-mafeaz5vr6
MD5
bff1d0bc3ea7daf787e62e14d7a87f2f
SHA1
679615484ee10e8170ac96f1472e3a54ad2447f0
SHA256
b1c932b82e70544a381a0a0ffe1116a71a0dbc1c2b3e5afd63d7ddd0507489ca
SHA512
b09fc21d4cd1308967a8bb97a978af2e6ec3c75e21b2a5ba0ba3b5dbf557a2f1050c33c00fbb7b70cb56add7c5ef4a8a9553ecc32b20cfa7661718b6442d6b38
Static task
static1
Behavioral task
behavioral1
Sample
export of document 342612.xlsm
Resource
win7v20210410
Malware Config
Extracted
dridex
22201
45.55.134.126:443
67.207.83.96:8172
193.160.214.95:4125
Targets
Target
export of document 342612.xlsm
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Downloads MZ/PE file

Loads dropped DLL