General
-
Target
4a2fa6f89bd5826c3451e003332646d61f90c6ecd276a9d2178122bbe1293059
-
Size
157KB
-
Sample
210113-s9mbwp43fe
-
MD5
00468da01d006052c193e138c0ef88b7
-
SHA1
b5e6f24bf7e0d164b9ae48eb312939e1202c80ac
-
SHA256
4a2fa6f89bd5826c3451e003332646d61f90c6ecd276a9d2178122bbe1293059
-
SHA512
0f4a7a03e1c35fd7fdb896edb8c8f97a6e07dcb7c2e81d00193dd4b321078b46a80e50b494232def13d4e14af61d1311554840ef21e480235454ee2c6f1bd480
Malware Config
Extracted
https://altrashift.com/wp-includes/I/
https://ojodetigremezcal.com/wp/i62s/
https://snowremoval-services.com/wp-content/P3Z/
http://kitsunecomplements.com/too-much-phppq/n65U/
https://imperioone.com/content/WOBq/
http://www.autoeck-baden.at/wp-content/w0Vb/
https://shop.animewho.com/content/Tj/
Targets
-
-
Target
4a2fa6f89bd5826c3451e003332646d61f90c6ecd276a9d2178122bbe1293059
-
Size
157KB
-
MD5
00468da01d006052c193e138c0ef88b7
-
SHA1
b5e6f24bf7e0d164b9ae48eb312939e1202c80ac
-
SHA256
4a2fa6f89bd5826c3451e003332646d61f90c6ecd276a9d2178122bbe1293059
-
SHA512
0f4a7a03e1c35fd7fdb896edb8c8f97a6e07dcb7c2e81d00193dd4b321078b46a80e50b494232def13d4e14af61d1311554840ef21e480235454ee2c6f1bd480
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-