General
Target: Invoice_477336.xlsm
Size: 331KB
Sample: 210727-y78t488wnn
MD5: e96dda1d1584df4f55cb661a85338e25
SHA1: 2146bbc486e5fb847196f18160e41ce9387fcb4c
SHA256: 78288f10031cf16e3400b5347cf525e74fb0a291a33931ee8dcd82e56a9aa6fd
SHA512: 91e2b6bc3aea177f8e999f970400fc4408f5e9f13339df83a6e3a7d46ffdd129397ac0b185f22609f1245df184db84e615e2ebaa26d52ad98323e31892009f83
Static task
static1
Behavioral task
behavioral1
Sample
Invoice_477336.xlsm
Resource
win7v20210410
Malware Config
Extracted
dridex
22202
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL