General
-
Target
20a4ce10015e7f7a188f078f556014c53e2c1c3e00f1b335c8ebbd4395a13ff6
-
Size
157KB
-
Sample
210112-m84y1mypze
-
MD5
c9cc0404293b248cce6b7325d55bcbe2
-
SHA1
1abeffbc0bca099c6730b8652590815941864939
-
SHA256
20a4ce10015e7f7a188f078f556014c53e2c1c3e00f1b335c8ebbd4395a13ff6
-
SHA512
5fcb59f815d593b9ce82be5baf426358d1e35cf8cc51a8b66f61b973315bac49ba7fcd6a770e4eae19fef52686a1eca01859fb33fc5fb3b7d8e8e84f64bae599
Malware Config
Extracted
https://remediis.com/t/gm2X/
http://avadnansahin.com/wp-includes/w/
http://solicon.us/allam-cycle-1c4gn/f5z/
http://www.riparazioni-radiotv.com/softaculous/DZz/
http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/
https://www.starlingtechs.com/GNM/
http://hellas-darmstadt.de/cgi-bin/ZSoo/
Targets
-
-
Target
20a4ce10015e7f7a188f078f556014c53e2c1c3e00f1b335c8ebbd4395a13ff6
-
Size
157KB
-
MD5
c9cc0404293b248cce6b7325d55bcbe2
-
SHA1
1abeffbc0bca099c6730b8652590815941864939
-
SHA256
20a4ce10015e7f7a188f078f556014c53e2c1c3e00f1b335c8ebbd4395a13ff6
-
SHA512
5fcb59f815d593b9ce82be5baf426358d1e35cf8cc51a8b66f61b973315bac49ba7fcd6a770e4eae19fef52686a1eca01859fb33fc5fb3b7d8e8e84f64bae599
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-