General
Target: 0b2f7083ce53cfa4fdd59ebeb6cc52a7
Size: 659KB
Sample: 210721-yh59rxks12
MD5: 0b2f7083ce53cfa4fdd59ebeb6cc52a7
SHA1: 07a8b1eaf77b6b4b77cca8933678b3bd807d6d4b
SHA256: 9af4d082d528b08891e09cce9fb40a66f8414f6e2a71bf2e90a721262584b169
SHA512: 9543ebb68b029ed001961e19e7b7d6b9dbe2f0367c30c4025de4e6530642d01343af9b90b45f8a07d149f6060ecc4115a9ff92b5d7f4d375fda556c678434729
Static task: static1
Behavioral task: behavioral1
Sample: 0b2f7083ce53cfa4fdd59ebeb6cc52a7.xls
Resource: win7v20210410
Malware Config
Extracted
dridex
22201
178.238.236.59:443
104.245.52.73:5007
81.0.236.93:13786
Targets
Target
0b2f7083ce53cfa4fdd59ebeb6cc52a7
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Downloads MZ/PE file

Loads dropped DLL