General
-
Target
14ab848a21e4370cbecb5bce9b9233d37aa0d9a02dd7e3aa32fb1ccdf052b07c
-
Size
82KB
-
Sample
201111-rgg37q671j
-
MD5
d8cf142293ff0dda1cc5bc5d40804b97
-
SHA1
beacebcca4ba412437b0c6f3c35ec63d0d90b3bd
-
SHA256
14ab848a21e4370cbecb5bce9b9233d37aa0d9a02dd7e3aa32fb1ccdf052b07c
-
SHA512
a2bd79e9ea9760402536d20bf18e64486e54450fd0b9ce0d99ee26000acfd2abcfa1197de2ddc0cd352a8d4c8095e9604d713c55f6bb78cccf320faacf1b9ca8
Malware Config
Extracted
http://www.lt3.com.br/4P
http://licanten.tk/Tgpc38X
http://www.cainfirley.com/xzd8um
http://www.kanarya.com.tr/SU
http://www.goldschmittestans.ch/wtqNM
Targets
-
-
Target
14ab848a21e4370cbecb5bce9b9233d37aa0d9a02dd7e3aa32fb1ccdf052b07c
-
Size
82KB
-
MD5
d8cf142293ff0dda1cc5bc5d40804b97
-
SHA1
beacebcca4ba412437b0c6f3c35ec63d0d90b3bd
-
SHA256
14ab848a21e4370cbecb5bce9b9233d37aa0d9a02dd7e3aa32fb1ccdf052b07c
-
SHA512
a2bd79e9ea9760402536d20bf18e64486e54450fd0b9ce0d99ee26000acfd2abcfa1197de2ddc0cd352a8d4c8095e9604d713c55f6bb78cccf320faacf1b9ca8
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-