General
Target: 2020-29-12-76862.doc
Size: 157KB
Sample: 210113-4gks6d9bse
MD5: ac83017cd1c54fbe30b8c3a9ae6afb43
SHA1: 8c83cfe2ae34701a1fcfbcaf7cb4b05a346d7587
SHA256: d3223160125e699dcc3187c07eac467b90e23023885f0b5434e4dccb1c176600
SHA512: fbd0dd49a940f9e6db7e730fd59c698b536fe49b4bea732055243aee6d7523dd4b678c0933c6e7830237f1cb8f1854a0c01c320671b6938fc94c94ac9a2f4a7f
Static task: static1
Behavioral task: behavioral1
Sample: 2020-29-12-76862.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 2020-29-12-76862.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: 2020-29-12-76862.doc
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory