General
-
Target
Invoice_78518423.xlsm
-
Size
89KB
-
Sample
210727-s59vs6ntrj
-
MD5
6a27e232270583b5c1796cf988d79ee4
-
SHA1
94e9f16d09a2031ecd04631782875eb95109dba7
-
SHA256
190b2cdfa53eaab02c24d69923988103a84cd2862c6c9d70a18feebbb3f0bc64
-
SHA512
9141228262c7f188d16579b96f89d7a021deb193448cbcd0f7790eca757720b1efcc28a52bc51fb85697021adca66243fe2ba86c1d9cd3c50a90c0c7cf22405b
Static task
static1
Behavioral task
behavioral1
Sample
Invoice_78518423.xlsm
Resource
win7v20210410
Malware Config
Extracted
dridex
22202
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
Target
Invoice_78518423.xlsm
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-