General
Target: 9ca0d78da6dffed5bfbd550359d07ba0584fabbb7e19be51072fffd1c8fb0666.doc
Size: 235KB
Sample: 200215-tsr7dgwftn
MD5: 0049f6d709ac742c1726cabb47e1e7ae
SHA1: 12bb7c27791ea126cc42992a4bfe7cd113b1b1f4
SHA256: 9ca0d78da6dffed5bfbd550359d07ba0584fabbb7e19be51072fffd1c8fb0666
SHA512: e3433001eed747b9feb4d14be402c20ce1b2f81476c6d9c3fe121db248165251980655cae4ad60814122920fa677c0c571b69d38537cf01add1e1de2ef7c002b
Static task
static1
Malware Config
Extracted
http://ta-behesht.ir/images/Provx00a/
http://tatcogroup.ir/wp-admin/UC/
http://tcpartner.ru/wp-includes/nr8/
http://tepcian.utcc.ac.th/wp-admin/SquR/
http://ourproductreview.in/pokjbg746ihrtr/a1kzwc/
Targets
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
- Executes dropped EXE
- Drops file in System32 directory