General
-
Target
9fd9781ca0a89a0b64d71314e350f0a3f683a7295b0153bda11028dde80df8bf
-
Size
164KB
-
Sample
201020-1al795gm5a
-
MD5
c85e40cf341094da3f30ab8f010da347
-
SHA1
b5e573c89c8e77d7ef546b3bb49d640dbed91571
-
SHA256
9fd9781ca0a89a0b64d71314e350f0a3f683a7295b0153bda11028dde80df8bf
-
SHA512
a52d85343df27661f981488dba9283a417698d0ce6e8808934c6067c0de136bddb2ddbc129da04f2d422484a4bc837f1f6d5264500adfd60a88c3d2b1ade1395
Malware Config
Extracted
http://wodsuit.com/ram-aisin/7r9/
http://hoobiq.com/cgi-bin/Xyv/
http://bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/
https://vat201.com/calculator/itQ/
http://vikinggg.com/hydrolysis-of/bY/
https://mohamedsayed.com/wp-admin/Zt/
https://hostimpel.com/js/q/
Targets
-
-
Target
9fd9781ca0a89a0b64d71314e350f0a3f683a7295b0153bda11028dde80df8bf
-
Size
164KB
-
MD5
c85e40cf341094da3f30ab8f010da347
-
SHA1
b5e573c89c8e77d7ef546b3bb49d640dbed91571
-
SHA256
9fd9781ca0a89a0b64d71314e350f0a3f683a7295b0153bda11028dde80df8bf
-
SHA512
a52d85343df27661f981488dba9283a417698d0ce6e8808934c6067c0de136bddb2ddbc129da04f2d422484a4bc837f1f6d5264500adfd60a88c3d2b1ade1395
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-