General
Target: Invoice_7783287.xlsm
Size: 72KB
Sample: 210727-atmbdyctwx
MD5: fb123f34330c9955670c9a82fbba4c78
SHA1: eca20d3f1af83b46ba622ae2e77a8aadcae235ca
SHA256: 255b35355a30430642cd7e31b3a9c5dc1bd05a64320b64a56d8c49014d185899
SHA512: 2717f023c8fe4c970924316d90661154d657c3b627bd784d04013c2726422fa33bb58023d74273bbbf70d9b2368c27a91e8e425afc9ae3f25e753fd9c9925a12
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_7783287.xlsm
Resource: win7v20210410
Malware Config
Extracted
dridex
22201
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
Target: Invoice_7783287.xlsm
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-