General
Target: Invoice_158572.xlsm
Size: 331KB
Sample: 210727-y4zk46gp76
MD5: 725b1026b0aebbd378424aa9cde30b22
SHA1: b637df8ceab8bca97aee7c40bfe6ce06a3d89c74
SHA256: 876692ae15f9f333ab388773d219f0b6937d2e24fe96bf834dc681de220dfaa9
SHA512: 129387072cc9a22af3a28e7565cb80f786f7fc30046fb504ce43de2966f089f2ee9243d4d7de08f28c3e237e460f22db24ea7a2d3a4e3cbe4b1eff03ea324972
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_158572.xlsm
Resource: win7v20210408
Malware Config
Extracted
dridex
22202
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
Target: Invoice_158572.xlsm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL