General
Target: Results12232021.xls
Size: 631KB
Sample: 211223-r99ymaaghq
MD5: 59212fd7cad43916cc463c7ef87d188d
SHA1: 4f5062437f794bab251ba87bbcc6c424c00491d8
SHA256: d48e9dc2d8ce89aa5eb4a90b4eb2d60368fd7e3bdcfeb9a8a7cda9b11ac40e7e
SHA512: f6830814de3cf57b5c940b6f5c03375222cf11b9b71d4e1b0a72cb88fcd87147c9ec1e9e1af0d9141a2606555152a421687a8c23a290a2a29f5cfa2581da1d6d
Static task
static1
Malware Config
Extracted
dridex
22201
144.91.122.102:443
85.10.248.28:593
185.4.135.27:5228
80.211.3.13:8116
Targets
Target
Results12232021.xls
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-