General
Target
e5fc03b4e3a35dc4ecb66fecaf41bf2f410f65102a8d3c6ba998d699d5d2c864
Size
87KB
Sample
210115-zjjvve7ada
MD5
3ab2daf32a000abd8a5dc328235f51f9
SHA1
d6dca90e6b8e05a9aff966becf5d3b9fea0256fc
SHA256
e5fc03b4e3a35dc4ecb66fecaf41bf2f410f65102a8d3c6ba998d699d5d2c864
SHA512
9cff3d95de479d3a48adbc1e1a4ad7dacbbf0d0f27cb6276e39da38a4bcea383f20a79feb0fee1d19d5f8c09941e8e648741e208d6655e688d51d6b37c2be480
Behavioral task
behavioral1
Sample
e5fc03b4e3a35dc4ecb66fecaf41bf2f410f65102a8d3c6ba998d699d5d2c864.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
e5fc03b4e3a35dc4ecb66fecaf41bf2f410f65102a8d3c6ba998d699d5d2c864.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Target
e5fc03b4e3a35dc4ecb66fecaf41bf2f410f65102a8d3c6ba998d699d5d2c864
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Drops file in System32 directory