General
-
Target
Invoice_3326809.xlsm
-
Size
332KB
-
Sample
210727-gdh6t3ed8n
-
MD5
86c63e5a375f54c79cfa007828400a5d
-
SHA1
858168c7285d60d905470d70c32962a1367ea947
-
SHA256
297fa628e174f62edfc8ecf1e4ec79d8f177fe89308a0c04a0b55693af0a776f
-
SHA512
39c357bef2f317080dc115803d211a1d8294360a7002e38a8e7d7a5cd86d2b3c0d6faaa9535e2c5787dfc00b7e450ee03e3b3f259e0dd95e196a850a16d45f79
Static task
static1
Behavioral task
behavioral1
Sample
Invoice_3326809.xlsm
Resource
win7v20210408
Malware Config
Extracted
dridex
22202
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
-
-
Target
Invoice_3326809.xlsm
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-