General
Target: Invoice_8384252.xlsm
Size: 331KB
Sample: 210727-hrlyyq5mxe
MD5: bde2b9dc7dab9e930be10b75dcd171ef
SHA1: 8dfeed50d89f5a2264efb31e5f74816b49c148fb
SHA256: b556487ae4d889236c1626083b0c9d45a29a5c3bc4e087bf2e3245b6a18ed2db
SHA512: 123521549ec9d98f62929ed40357be1c341bc799e79bc322a4bda0e524b297161021fec6bb16b60043d5f2cf575d9e7abdae5e45ba9db4f058009702963beac8
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_8384252.xlsm
Resource: win7v20210410
Malware Config
Extracted
dridex
22201
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
Target: Invoice_8384252.xlsm
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL