General
- Target: c6f2239754469a59c8f97e30df2e0950
- Size: 315KB
- Sample: 210722-prpyahwfbe
- MD5: c6f2239754469a59c8f97e30df2e0950
- SHA1: 4310f7e6baaf4f86defd9c052ea40649f6b04e9e
- SHA256: e028f271461ba72f91934ada56064d0eab66b4ad3066d653632fad04351efb00
- SHA512: a5d6d2c4bbfc96626fa2e1a6969b4692f0529f0971b7b4f217e099bb4852427beb669f900f820206c542aab2321411bf4aa3e71e2c2847648806292478aa46dc
Static task: static1
Behavioral task: behavioral1
Sample: c6f2239754469a59c8f97e30df2e0950.xls
Resource: win7v20210410
Malware Config
Extracted
dridex
22202
178.238.236.59:443
104.245.52.73:5007
81.0.236.93:13786
Targets
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL