General
-
Target
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc.zip
-
Size
230KB
-
Sample
201121-tf61x7rv5n
-
MD5
3b60e7d52314a76f68fc74bfd543d9dd
-
SHA1
9e2d51b206309fdba5324d5e6e7ddbc41c480096
-
SHA256
9301cf300ecde152a6d63416e4ea91692ecd7ccd73cfe01cd703e05a01e9ad48
-
SHA512
7e779083e20be7dda0aa5394f92dd2455173f7450b93f6e5dc707c4274d29046d6bbb346656f5c92eccff06e8a6ee0b21f436af97a12fbdd5bd8d8d0a4be8052
Malware Config
Targets
-
-
Target
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95.doc
-
Size
322KB
-
MD5
06ba06269873237b18c23a82da59f492
-
SHA1
d18f046a0fdbefb79ec85a22404e402e6e56f2bf
-
SHA256
dfdf79d355c1098d4cceaf4591200d35000ad86a585df727b3e7e6cf7dd58e95
-
SHA512
549136d02ab9d15f3aa493bf683bf5a3319d88bd990588992854d7dc6dd44047c33695c3bb322beb384fc957913212c6f073e24576729e60776f8df2ef4fa0d4
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-