General
Target: 5356d87ef86953dfd99fd26b28927226
Size: 661KB
Sample: 210722-zaq2z7mzwx
MD5: 5356d87ef86953dfd99fd26b28927226
SHA1: 22747f2e92618dbb0fcbf257b577bf29e382e17c
SHA256: 8f4306637d344a0673f623cf2b7326fd9b064a5b56b2e88ec3796c879274bf1c
SHA512: dbbf6853483c6979ffcf2e58159b17fb97a9a30196204a27a65171858b2d0aa63e3cf481307f2c97f387584ba79585326661598d9d142e45993bd63b29eb174b
Static task: static1
Behavioral task: behavioral1
Sample: 5356d87ef86953dfd99fd26b28927226.xls
Resource: win7v20210408
Malware Config
Extracted
dridex
22202
178.238.236.59:443
104.245.52.73:5007
81.0.236.93:13786
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Downloads MZ/PE file

Loads dropped DLL