General
Target: Purchase_Order 8328.xls
Size: 79KB
Sample: 211027-zks8ksgdh6
MD5: 18dd59051822628a3ecbbdc902888ca8
SHA1: df1745ee2b92e041128bf83242df6d6d32858231
SHA256: 2f12b09b257e88b05b03eba2d3ec27d74ac6ab1144b7373058f1e87b3555b1f8
SHA512: 5364687cafff4045f08e4f45eb9c12c2602fd0f9d99e46ce6fd68b2b8798d31047f1a285605872555aecc71a6167e0a8f3b7f51878d145a5b5ace47bacd573ed
Static task: static1
Behavioral task: behavioral1
Sample: Purchase_Order 8328.xls
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Purchase_Order 8328.xls
Resource: win10-en-20210920
Malware Config
Extracted
https://newerabd.com/ebkc1m.rar
Extracted
dridex
10555
192.46.210.220:443
143.244.140.214:808
45.77.0.96:6891
185.56.219.47:8116
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Downloads MZ/PE file
Loads dropped DLL