General
- Target: Results12232021.xls
- Size: 414KB
- Sample: 211223-te3beaabd2
- MD5: 8d1d1df2277e8730eee7de7fe28f60e1
- SHA1: 773b3ff48428bdacf2afeb7fc9fd1261a2e0591c
- SHA256: 4d21115441459063cf8403f94d3bb37201666be30622cb2cb4e2ffb32827192f
- SHA512: 5f2f3d4b9295171dbbf246e2e6e23d07fa189bc7e3681ffd9c2778e3fef99621bf8f3b0a4c1d70061d6e06ec27f2c38151ccb4ba83b111bfe8051ca045834b76
Static task
static1
Behavioral task
behavioral1
Sample
Results12232021.xls
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Results12232021.xls
Resource
win10-en-20211208
Malware Config
Extracted
dridex
22201
144.91.122.102:443
85.10.248.28:593
185.4.135.27:5228
80.211.3.13:8116
Targets
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.