General
Target: Invoice_020634.xlsm
Size: 73KB
Sample: 210727-n78zzy5wba
MD5: 86a156d545f23e81be35433443bb6da2
SHA1: c5df03d08806f1faa990ea3a71ac447aecc7185c
SHA256: e08fa4239a4c5ed68a5efd79953489da0ba5c3505c19888be83533dea837f99c
SHA512: 18f07926d0d8f59243824c19825c5b1c6e8589c40b13d780f280ae9279f186c05c8a48768301b68926086eb82803da923bfa154844a1af9ace0a2d0c0010bbd8
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_020634.xlsm
Resource: win7v20210410
Malware Config
Extracted
dridex
22201
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL