General
-
Target
0855da5a6db49a1d2043493d292f3282845b92d4b1d4f6c55eea9026cfcda488.doc
-
Size
87KB
-
Sample
200315-nmalg8mgmx
-
MD5
e416aa320c5070df1128c8d44872aeab
-
SHA1
b2c6e3255697811c32bc7b461d161b9398e93a8f
-
SHA256
0855da5a6db49a1d2043493d292f3282845b92d4b1d4f6c55eea9026cfcda488
-
SHA512
8bd6ad269772e114766398c075312ac931c1fd1386887a1854336858bf0aa10fac3fd499b914e62027fd39fb40a0d8f6bd4f0fc73a1f9060e9fa78d79c269123
Static task
static1
Malware Config
Extracted
http://freshnlaundry.com/MmU
http://bravewill.org/5VKAhr
http://ypsifest.com/xbrYo
http://nazarspot.com.tr/dTofA3
http://suicidepreventionportagecounty.org/J5
Targets
-
-
Target
0855da5a6db49a1d2043493d292f3282845b92d4b1d4f6c55eea9026cfcda488.doc
-
Size
87KB
-
MD5
e416aa320c5070df1128c8d44872aeab
-
SHA1
b2c6e3255697811c32bc7b461d161b9398e93a8f
-
SHA256
0855da5a6db49a1d2043493d292f3282845b92d4b1d4f6c55eea9026cfcda488
-
SHA512
8bd6ad269772e114766398c075312ac931c1fd1386887a1854336858bf0aa10fac3fd499b914e62027fd39fb40a0d8f6bd4f0fc73a1f9060e9fa78d79c269123
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-