General
Target: UNTITLED_VO90769.zip
Size: 85KB
Sample: 210112-1hqlw1syjj
MD5: 77aeabe3044eb130b86f888bedd1ae5f
SHA1: f24b2bc4aa069abac128f011490f9cc8b0b895d2
SHA256: 7a579fb398cc17cee3fe9641b5b06871305256a4617bd60c5fb1d94c898c32cb
SHA512: b1cf9f03eaeeb572780d2bd42a14e331fe4f5f66a65992ac2db9d0817121acfcd47d6caf4f2582f360c610938f92690df31cd6eee4f2acc863453afd09ae6e30
Static task: static1
Behavioral task: behavioral1
Sample: UNTITLED_VO90769.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: UNTITLED_VO90769.doc
Size: 158KB
MD5: 50c334182f04b01fd3b55f0324ae39c9
SHA1: a06480bad89cd333d7c48330e89c8dbd758c6f6b
SHA256: 79695d1cf1b881a4ba7f850f5d71796605abc71286de3a809002a423032dee59
SHA512: bcd2721737de9d83d540f0f8119a56fcc273bc550d221a0748d7378b8c6d8d5241bb064ca93c6e2880da61f5aac5786f5b7be86f1d177acafdef5fc5c5bb9baf
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Drops file in System32 directory