General
Target: Information-478224510.doc
Size: 127KB
Sample: 201119-6tymwzqj9s
MD5: bb0198d56eff259292f821cf9777f4ea
SHA1: 67e6018e71d49acecab8018ec3e31388e5afdb09
SHA256: 8880aa45619f26fcb4cca6671e7decc6dcf94163344a819a156ed9f5bd414d0b
SHA512: 26585f0ae9576b40ff6635b464fa1cc3947e549a45f0648b4b754ef3225bb605ff5dd4926483636c85eed595102a57eacff634bef65e83cbd3dd54e823f1907f
Static task: static1
Behavioral task: behavioral1
Sample: Information-478224510.doc
Resource: win7v20201028
Malware Config
Extracted
Extracted
dridex
10555
162.241.44.26:9443
192.232.229.53:4443
77.220.64.34:443
193.90.12.121:3098
Targets
Target: Information-478224510.doc (size and hashes as listed under General)
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory