General
Target: 0e5fe8af64b1c5ead75e629b8afd34c0
Size: 660KB
Sample: 210722-314eqs6k4a
MD5: 0e5fe8af64b1c5ead75e629b8afd34c0
SHA1: 3f37deb279e3ad45dd7c5c6a8656bbc07cd8157c
SHA256: 6ca95953e88828830e9cdecb6f56a1139d7678b3d2bf2c2e32c27ee01cece84e
SHA512: 1e5dc477905df85320e06de37900763d276f11d131d818940588f5d65116d1c5c132d56630a3ae7e13df7dc351485d1833178c0c6d154b4b96f2f0d5bc591500
Static task
static1
Behavioral task
behavioral1
Sample
0e5fe8af64b1c5ead75e629b8afd34c0.xls
Resource
win7v20210408
Malware Config
Extracted
dridex
22201
178.238.236.59:443
104.245.52.73:5007
81.0.236.93:13786
Targets
-
-
Target
0e5fe8af64b1c5ead75e629b8afd34c0
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-