General
Target: 2c13b06a4c6d4d880060037edf641ad5
Size: 659KB
Sample: 210722-b4ejywb266
MD5: 2c13b06a4c6d4d880060037edf641ad5
SHA1: 835dbe95edd096c6800d75054f7e8d62999248fc
SHA256: 6566f7a379e744ca6e006241bdc600bdcd09c17dc48f61f13f9d9b11b86f9483
SHA512: c904bce7a1fc20845a7fb824699bfe16205fa74bc0a396756ebe998d2d1785a84579899ff24c19338e606ef766e7c5315c10cb4397ac36265ead8ffbf3280aac
Static task: static1
Behavioral task: behavioral1
Sample: 2c13b06a4c6d4d880060037edf641ad5.xls
Resource: win7v20210408
Malware Config
Extracted
dridex
22201
178.238.236.59:443
104.245.52.73:5007
81.0.236.93:13786
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Downloads MZ/PE file

Loads dropped DLL