General
Target: Attachments_276.doc
Size: 162KB
Sample: 210114-lmfx4gh2w2
MD5: 1e36711be581dee9f77ef2243b2a6048
SHA1: d446161ee0af2b40768c72ad7b9159a9e81d655a
SHA256: a8b8fb73b3d7ae7a1780ae143dbfb66471afacb86c69e3270e026e8f11281918
SHA512: 363b2265fed1b89396e8fa9c928fa3b754b3fe2afde0aadd1ffe4005524ea25bb39c6e4ea516c2b13cae8587d0eea4572f020d4344ab73f72536e66bb5f20c25
Behavioral task: behavioral1
Sample: Attachments_276.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Attachments_276.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: Attachments_276.doc
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Drops file in System32 directory