General
-
Target
2d2fa64b93abf2055071f77d797832e29b37dcf63c6991b6dbfd0e779af8c115
-
Size
157KB
-
Sample
210113-rk4qqvdx2a
-
MD5
35e3b3f082b480761a8dd73f897bd3c1
-
SHA1
d99e6131f317aa0092e49225b2de65bf4ab064a8
-
SHA256
2d2fa64b93abf2055071f77d797832e29b37dcf63c6991b6dbfd0e779af8c115
-
SHA512
e0e10c8af5e92a59c98ea192e635b278831ad0bb7ad756edc1c3adbc5eaf7fbfa538ccd6ebff7218ac1a1d62477462e562fa23cbb1229d8597d23cb44c0ab8ac
Malware Config
Extracted
https://altrashift.com/wp-includes/I/
https://ojodetigremezcal.com/wp/i62s/
https://snowremoval-services.com/wp-content/P3Z/
http://kitsunecomplements.com/too-much-phppq/n65U/
https://imperioone.com/content/WOBq/
http://www.autoeck-baden.at/wp-content/w0Vb/
https://shop.animewho.com/content/Tj/
Targets
-
-
Target
2d2fa64b93abf2055071f77d797832e29b37dcf63c6991b6dbfd0e779af8c115
-
Size
157KB
-
MD5
35e3b3f082b480761a8dd73f897bd3c1
-
SHA1
d99e6131f317aa0092e49225b2de65bf4ab064a8
-
SHA256
2d2fa64b93abf2055071f77d797832e29b37dcf63c6991b6dbfd0e779af8c115
-
SHA512
e0e10c8af5e92a59c98ea192e635b278831ad0bb7ad756edc1c3adbc5eaf7fbfa538ccd6ebff7218ac1a1d62477462e562fa23cbb1229d8597d23cb44c0ab8ac
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-