General
Target: Invoice_2457619.xlsm
Size: 329KB
Sample: 210727-zvtyjzphzx
MD5: 6cb632b4c2e9244c36ad740ef8cbfda5
SHA1: 5c90034815dc6faf9d14da1536f05a8a9a1d0f73
SHA256: 71fb5ec5a1424b9965bf487a41e24e04e6cd20fb256b283b8262a6592aa90114
SHA512: ec56dc8b6282de9ce3bf865263fbc74741ab98a70ac517f4d1637f025255c06247b11edd95edb9756032e93f7d0cdef93e639088cdd88732c3ccc060e85cc636
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_2457619.xlsm
Resource: win7v20210410
Malware Config
Extracted
dridex
22202
45.79.33.48:443
139.162.202.74:5007
68.183.216.174:7443
Targets
Target: Invoice_2457619.xlsm
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL