General
-
Target
Document.zip
-
Size
60KB
-
Sample
210112-8f7ga4p5fx
-
MD5
f3edfa997b6dd39e4d0c21fd214c504a
-
SHA1
cc37656285cc60d146003d93a3702754d8b93063
-
SHA256
2e6e2e700465216a67088608430ce6d033828eab70f5b94d334b0efe1df19cff
-
SHA512
1dece406bd18e32cda31fee0d11e47bc465db2952c8041733b3e5b672d80c45381855f8211f4712387b67d13f7315036b0d3ad17838f7e47a3c1d7c45e026642
Malware Config
Extracted
http://angel2gether.de/BlutEngel/SpeechEngines/
http://holonchile.cl/cgi-bin/System32/
http://members.nlbformula.com/cgi-bin/Microsoft.NET/
http://akybron.hu/wordpress/Triedit/
https://norailya.com/drupal/4zKMm/
http://giannaspsychicstudio.com/cgi-bin/Systems/
Targets
-
-
Target
Document.doc
-
Size
103KB
-
MD5
02e5d621d2408c162ebb433af6838c97
-
SHA1
0941bfe53d719ae6c3defef2e496d8feb9bd7a74
-
SHA256
1354c26e824658ca3c3536bce77219b5faf70fe5faf8a9c6dbdb3a026f7fae54
-
SHA512
472ba777f04d0bb57b5d6a9f588b6769268cdc28c74bca42f044e50cdd5caaf3e96090146e484cceb61defdcd2881399bd378249508ffb067e6a3bd6b7dcb0d9
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-