General
Target: e14a0a927e2e4f5492df393e7cb9633c
Size: 315KB
Sample: 210721-4vga6q327a
MD5: e14a0a927e2e4f5492df393e7cb9633c
SHA1: 4b28f4018818b7c3352dc72979b7b63fbe5ab0c6
SHA256: 6d6f8b8a027c634e29a81d8790a7699507b02907583958071397297546d21641
SHA512: 16744aa79928813b28b65aa9ec45706f5280833cac015db440c34d1b691b086f8da69729619159b55207e081adfc264d6b18f72b74fbbb51de84deb22c33283b
Static task: static1
Behavioral task: behavioral1
Sample: e14a0a927e2e4f5492df393e7cb9633c.xls
Resource: win7v20210410
Malware Config
Extracted
dridex
22202
178.238.236.59:443
104.245.52.73:5007
81.0.236.93:13786
Targets
Target: e14a0a927e2e4f5492df393e7cb9633c
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-