General
Target: Invoice_94145565.xlsm
Size: 334KB
Sample: 210727-hjc5q278d2
MD5: 84dfcbf8006b609714e14ae85d94baa4
SHA1: 3cbd6c0a05e587d0ebcb46c125bcb9a31814865c
SHA256: c6ec076b4821de409d2fa1416b8419635421b732960a62e62bac6161040ab342
SHA512: d9fec51e549006a400d1822445833651dc99055478d637630885ec54a93608f0417a0b49056008d18fbdc5af1c8c9c760ae4bb4b50cbb9a30a2e02f67b92b920
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_94145565.xlsm
Resource: win7v20210410
Malware Config
Extracted
dridex
22201
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
Target: Invoice_94145565.xlsm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL