General
Target: 5d15ccd61fa8f1488c26d0d4e39904dd
Size: 315KB
Sample: 210721-r7ywkmphxa
MD5: 5d15ccd61fa8f1488c26d0d4e39904dd
SHA1: 40eeb9943f5af7f3e81c1b1a628919dd47be973e
SHA256: fdd4ee9e0e1f197e66f1efae2ce26db6ef0a1fa0867f9316c3cdb288fff6690f
SHA512: 90cc50b5f714c6cb2697cf88f5914a9ed38048e7535910c787133a98b64cc88f2cf7f97167323c1253c8c123d9a5ce75f7dc57dace7fc2e43a4c60e6c4863a0f
Static task
static1
Behavioral task
behavioral1
Sample
5d15ccd61fa8f1488c26d0d4e39904dd.xls
Resource
win7v20210410
Malware Config
Extracted
dridex
22201
178.238.236.59:443
104.245.52.73:5007
81.0.236.93:13786
Targets
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL