General
-
Target
Bank_2020_12_9663193478.doc
-
Size
159KB
-
Sample
210113-ycfea5xdwx
-
MD5
a62fc9507760d45349a9ce1af9700962
-
SHA1
263b72ee6f86c510e0b8a949acc0dd426b79b316
-
SHA256
6b2addd77d4961da71636553bd57f3b73bf65aebc867a3a3f0508dd58d89174e
-
SHA512
e03ef2398d786db29afe7f075a84f3cf28095495faf4de86011a04fcaadf61b677097d686a20fdbaa9294343f2ad69ebb27489d014c95725226436958e91d554
Malware Config
Extracted
https://familylifetruth.com/cgi-bin/PPq7/
https://coshou.com/wp-admin/EM/
https://www.todoensaludips.com/wp-includes/9/
https://dieuhoaxanh.vn/wp-admin/a/
http://cahyaproperty.bbtbatam.com/mhD/
http://depannage-vehicule-maroc.com/wp-admin/c/
https://techworldo.com/cgi-bin/gcZ/
Targets
-
-
Target
Bank_2020_12_9663193478.doc
-
Size
159KB
-
MD5
a62fc9507760d45349a9ce1af9700962
-
SHA1
263b72ee6f86c510e0b8a949acc0dd426b79b316
-
SHA256
6b2addd77d4961da71636553bd57f3b73bf65aebc867a3a3f0508dd58d89174e
-
SHA512
e03ef2398d786db29afe7f075a84f3cf28095495faf4de86011a04fcaadf61b677097d686a20fdbaa9294343f2ad69ebb27489d014c95725226436958e91d554
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-