General
Target: 9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7
Size: 328KB
Sample: 210726-lvpe2fdzme
MD5: 5049c8efe625f614b1548ddae83fc621
SHA1: 58f791beff16d82d9ec1f65ddb327ff297c7759d
SHA256: 9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7
SHA512: b11a347d28a6402404833f98936ac85d6cab8b4c8e09154b525d6bde57f66148172f5f411eff5791fc20e8d97293ed28a78729f153493f9b900c4d50bf00564c
Static task: static1
Behavioral task: behavioral1
Sample: 9384bb6127c78785cdb717a01f7d8efcb9c8b401a0aec4d943b3214c1032fac7.xlsm
Resource: win7v20210410
Malware Config
Extracted
dridex
22201
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Downloads MZ/PE file

Loads dropped DLL