General
Target
Documents.zip
Size
42KB
Sample
210113-5tdc5vs1d6
MD5
14c12aa55e35368d0edfeded79f4fe53
SHA1
094d56b7d66bdce6de6478182172ec01a6137443
SHA256
acae007f33b0f17af13e07ca1087b3c349e3ac14b5ba089889ba8be756abcc66
SHA512
f3d96205096986662d91ba2c6b49d2fcc3d469a9bed1f384ecbbfbe69781bfe06065e751a992994f0527f524424377df1f6ff1eaf40d056aac54958ecc80eaa5
Behavioral task
behavioral1
Sample
Documents.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Documents.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Target
Documents.doc
Size
87KB
MD5
1df0b5bc020b7debcd01a3634d2ece0f
SHA1
6969d80789fccc3d66fc37fda2fb674e0bab6b25
SHA256
19b82276e00c7dd94381cb2e5fb6889eeee013a79cf4fb74d2f1cdc40051c718
SHA512
b00bac9ef3374cbb8a5864dc810c866ddbd86abe6a55d67c4922f86d28187353153ac1425622ff1f28bcec0d18ffe1e89ddb8e588e2f8739f3a771899745d5a4
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Drops file in System32 directory