General
-
Target
file B_252134.doc
-
Size
139KB
-
Sample
210114-9wqhyx66xn
-
MD5
5755e717ca2ea862e1ac7b6b16e51231
-
SHA1
0b72f94a91bbae534835b094bd619b9ad964eeab
-
SHA256
9df93467bf67b571d11380a8fb29d1a2d82690b2797b73641a513802a4dccd80
-
SHA512
049bd35c7d64a55e4f476297df4bb80c2a477f87b2e42f98bdb2e9ee881c96d52532993e700f7dfad4e02b74f5e4181eb8d92d1593168102818e3c53114f830b
Malware Config
Extracted
https://smkbudiagung.com/wp-content/VoPg04/
https://ats-tx.com/old/f1X/
http://avanttipisos.com.br/catalogo-virtual/U/
http://mpeakecreations.co.za/cgi-bin/vVk1rw/
http://adres-ug.ru/wp-admin/IItD/
https://theraven.pk/overwolf-r6-vdace/UH4fL/
http://bhar.com.br/elementos/MQfB/
Targets
-
-
Target
file B_252134.doc
-
Size
139KB
-
MD5
5755e717ca2ea862e1ac7b6b16e51231
-
SHA1
0b72f94a91bbae534835b094bd619b9ad964eeab
-
SHA256
9df93467bf67b571d11380a8fb29d1a2d82690b2797b73641a513802a4dccd80
-
SHA512
049bd35c7d64a55e4f476297df4bb80c2a477f87b2e42f98bdb2e9ee881c96d52532993e700f7dfad4e02b74f5e4181eb8d92d1593168102818e3c53114f830b
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-