General
-
Target
Archivo 2020-R7352.doc
-
Size
159KB
-
Sample
210113-3xwm3y48rx
-
MD5
b1c051ba9d0d7843ab2d42babb2b92d1
-
SHA1
90cb16b7cacb0536a6ca8fdea2da8cdb6be86ff1
-
SHA256
2e5599c71028de6a5c1202946484ff5020f38bb282b78e69aade9c840c3e2f24
-
SHA512
e9d304415157b1760c55e8784621396482908668905eebaf389959693725ba61397064f5fc21b31d8eb1cbbab64d88efa6232cba743f34d90dd1c7dd71ba7b4b
Malware Config
Extracted
https://familylifetruth.com/cgi-bin/PPq7/
https://coshou.com/wp-admin/EM/
https://www.todoensaludips.com/wp-includes/9/
https://dieuhoaxanh.vn/wp-admin/a/
http://cahyaproperty.bbtbatam.com/mhD/
http://depannage-vehicule-maroc.com/wp-admin/c/
https://techworldo.com/cgi-bin/gcZ/
Targets
-
-
Target
Archivo 2020-R7352.doc
-
Size
159KB
-
MD5
b1c051ba9d0d7843ab2d42babb2b92d1
-
SHA1
90cb16b7cacb0536a6ca8fdea2da8cdb6be86ff1
-
SHA256
2e5599c71028de6a5c1202946484ff5020f38bb282b78e69aade9c840c3e2f24
-
SHA512
e9d304415157b1760c55e8784621396482908668905eebaf389959693725ba61397064f5fc21b31d8eb1cbbab64d88efa6232cba743f34d90dd1c7dd71ba7b4b
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-