General
-
Target
c4902a7a5058fe9b65d47d59dc62e36f5049146e5f551c1d5622226649da9888.doc
-
Size
210KB
-
Sample
200315-femtm3bfws
-
MD5
2176e4f4af4abb52c7ae77cc4a30bb2d
-
SHA1
9dcaeb06fc0d3fd31b48875b271f48fd5450fb9e
-
SHA256
c4902a7a5058fe9b65d47d59dc62e36f5049146e5f551c1d5622226649da9888
-
SHA512
ea5ddb9f97ba02a860917bb6095f62f1ac6587ba86ee3e99aadab75d962a147a608ff4b48c0a297ee0971a40225edb86876ed990f08ff0704dcb5f646f04bb0c
Malware Config
Extracted
https://ahuratech.com/ei9u4vn/T_8z/
http://mindigroup.com/wp-admin/T_tB/
http://extraspace.uk.com/wp-admin/i_Gl/
http://nuoviclienti.net/hanemdg/Es_wv/
http://eniyionfirma.com/wp-admin/CI_xj/
Targets
-
-
Target
c4902a7a5058fe9b65d47d59dc62e36f5049146e5f551c1d5622226649da9888.doc
-
Size
210KB
-
MD5
2176e4f4af4abb52c7ae77cc4a30bb2d
-
SHA1
9dcaeb06fc0d3fd31b48875b271f48fd5450fb9e
-
SHA256
c4902a7a5058fe9b65d47d59dc62e36f5049146e5f551c1d5622226649da9888
-
SHA512
ea5ddb9f97ba02a860917bb6095f62f1ac6587ba86ee3e99aadab75d962a147a608ff4b48c0a297ee0971a40225edb86876ed990f08ff0704dcb5f646f04bb0c
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Drops file in System32 directory
-