General
-
Target
Account_30_12_2020.doc
-
Size
156KB
-
Sample
210113-h9w7qh2yja
-
MD5
97213d62042927ecab4a2608b38a37af
-
SHA1
d4c68b37c5729d94699e00e8fc1edf97a18ba599
-
SHA256
9d1c6b80623e5e370ed018b95870675936022c4a9bf0ddc1378db520b304309e
-
SHA512
4e89d7541e38a797c279f8e271adb06ba54a2764d29a8b4e33b93bb79bee74f1affa147ac3dfd9cd4e6330290dda64cac1b99a7f7fd4b3bc0e5c14cc4d6196f6
Malware Config
Extracted
http://www.mypostletter.com/wp-admin/G3/
http://www.trueapparels.com/a/4k/
http://iut-bethune.univ-artois.fr/benefits-of-hhnzoet/T/
http://www.xportfreight.com/wp-content/c/
http://talentvalue.com/wp-admin/DEoUM/
https://skyeconsultoria.com.br/wp-admin/co/
https://atprofessional.org/wp-content/O6Vey/
Targets
-
-
Target
Account_30_12_2020.doc
-
Size
156KB
-
MD5
97213d62042927ecab4a2608b38a37af
-
SHA1
d4c68b37c5729d94699e00e8fc1edf97a18ba599
-
SHA256
9d1c6b80623e5e370ed018b95870675936022c4a9bf0ddc1378db520b304309e
-
SHA512
4e89d7541e38a797c279f8e271adb06ba54a2764d29a8b4e33b93bb79bee74f1affa147ac3dfd9cd4e6330290dda64cac1b99a7f7fd4b3bc0e5c14cc4d6196f6
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-