General
-
Target
0112_286068331.doc
-
Size
369KB
-
Sample
210112-568ncqenpe
-
MD5
90bc76c00a54ec40a5c02680c4ac0adc
-
SHA1
fd2a43d3e36adbfd2f6d4eb7aa30ff29e7f1ebb8
-
SHA256
56f1795abf78f798a51b9224a5deb17aedd924629136832b526c93339f525e56
-
SHA512
455f016727495e7438ea532e9fe25e2508876443ba27193c3b2fe8d2029b061bd8c0ab623a8806496cd65fa1b233a5662372c4a3baf4836a6edc7de1626c69f5
Malware Config
Targets
-
-
Target
0112_286068331.doc
-
Size
369KB
-
MD5
90bc76c00a54ec40a5c02680c4ac0adc
-
SHA1
fd2a43d3e36adbfd2f6d4eb7aa30ff29e7f1ebb8
-
SHA256
56f1795abf78f798a51b9224a5deb17aedd924629136832b526c93339f525e56
-
SHA512
455f016727495e7438ea532e9fe25e2508876443ba27193c3b2fe8d2029b061bd8c0ab623a8806496cd65fa1b233a5662372c4a3baf4836a6edc7de1626c69f5
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-