General
-
Target
Data 273.doc
-
Size
159KB
-
Sample
210114-vggmhmq56n
-
MD5
0bc65534e9b77a25446ac704ae00cd15
-
SHA1
e771564e27f43c950ea619acebd2a7c08df1e05b
-
SHA256
9ad089f16f0a4ca1f7e080a145c3e3e2bd8eff72089ee5d61066463a7ca94805
-
SHA512
e588b9d031a1c8a315f28cbb08703a020a83a32f5a21cd7494cfb5e6946a54a8018b24ee53df9f1bc884ae2baa1404bd51491eab70bc595027a6d95185e55295
Malware Config
Extracted
http://ketorecipesfit.com/wp-admin/afanv/
http://mertelofis.com/wp-content/As0/
http://givingthanksdaily.com/CP/
http://datawyse.net/0X3QY/
http://cs.lcxxny.com/wp-includes/E3U8nn/
http://makiyazhdoma.ru/blocked/tgEeW8M/
http://trustseal.enamad.ir.redshopfa.com/admit/wJJvvG/
Targets
-
-
Target
Data 273.doc
-
Size
159KB
-
MD5
0bc65534e9b77a25446ac704ae00cd15
-
SHA1
e771564e27f43c950ea619acebd2a7c08df1e05b
-
SHA256
9ad089f16f0a4ca1f7e080a145c3e3e2bd8eff72089ee5d61066463a7ca94805
-
SHA512
e588b9d031a1c8a315f28cbb08703a020a83a32f5a21cd7494cfb5e6946a54a8018b24ee53df9f1bc884ae2baa1404bd51491eab70bc595027a6d95185e55295
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-