General
-
Target
7627eda11db6d5331a7931781d0dc65d79582d05ee0bd74c9a8fe845b2191c64
-
Size
156KB
-
Sample
210112-ztlakt9yye
-
MD5
29a624dada7f21bd5c90c5378e15fa6f
-
SHA1
8bfe71d33b145a27c32fd08057671778ca5a2b20
-
SHA256
7627eda11db6d5331a7931781d0dc65d79582d05ee0bd74c9a8fe845b2191c64
-
SHA512
64853f7ac3e870340e08f42dd64824852c64ccbead53b10b303f8c7636759516131342d1b20c7427b7c333d63880d32d9c3b1287341ed67565ed8b5f4fc6d456
Malware Config
Extracted
https://remediis.com/t/gm2X/
http://avadnansahin.com/wp-includes/w/
http://solicon.us/allam-cycle-1c4gn/f5z/
http://www.riparazioni-radiotv.com/softaculous/DZz/
http://www.agricampeggiocortecomotto.it/wp-admin/s7p1/
https://www.starlingtechs.com/GNM/
http://hellas-darmstadt.de/cgi-bin/ZSoo/
Targets
-
-
Target
7627eda11db6d5331a7931781d0dc65d79582d05ee0bd74c9a8fe845b2191c64
-
Size
156KB
-
MD5
29a624dada7f21bd5c90c5378e15fa6f
-
SHA1
8bfe71d33b145a27c32fd08057671778ca5a2b20
-
SHA256
7627eda11db6d5331a7931781d0dc65d79582d05ee0bd74c9a8fe845b2191c64
-
SHA512
64853f7ac3e870340e08f42dd64824852c64ccbead53b10b303f8c7636759516131342d1b20c7427b7c333d63880d32d9c3b1287341ed67565ed8b5f4fc6d456
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-