General
Target: SecuriteInfo.com.W97M.DownLoader.5071.839.19187
Size: 144KB
Sample ID: 210120-2dq4gl757x
MD5: fc59bf0dc1610f692a98c99baec41a01
SHA1: b58c2ea4490c574bfbf0eb31f4949cc95c43c46a
SHA256: f1d61f4415e35f4fbff441b2dfb744721b4cbcfe2ae78a1f52bba612457d22be
SHA512: 4a08672f2450a202f2f0668fa73c12fb0b49e78f7a66fb87970151699263fc87299674025a61bec2e7e509960dcd8568301700a199e172ab9b054db1fad659b8
Behavioral tasks
behavioral1: Sample SecuriteInfo.com.W97M.DownLoader.5071.839.19187.doc, Resource (sandbox image) win7v20201028
behavioral2: Sample SecuriteInfo.com.W97M.DownLoader.5071.839.19187.doc, Resource (sandbox image) win10v20201028
Malware Config
Extracted URLs (recovered from the sample's configuration; treat them as indicators of compromise and do not browse to them):
https://obob.tv/content/rpKmYv/
http://infoprocenter.com/wp-admin/MSInfo/
http://miprimercamino.com/cgi-bin/AJ09AzChrK/
http://mobilepro-tm.online/wp-admin/VGX/
https://www.terrakulturegallery.com/wp-admin/ZNg6V7pv/
http://bingdaofuzhu.com/wp-content/L/
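The six URLs above are only useful once they are split into host and path and defanged for sharing. Four of them sit under wp-admin/ or wp-content/, which are WordPress locations, so they are more likely compromised legitimate sites than attacker-registered domains; a host-only match in proxy logs is therefore weaker evidence than a full-path match. The following Python is an added example, not part of the sandbox report: it copies the URL list from the report, builds indicators from it, defangs them, and runs them over a constructed proxy log (the log lines, client addresses and timestamps are made up for the demonstration).

```python
"""Normalise the URLs extracted from this report into matchable indicators.

Added example: this is not part of the sandbox report. EXTRACTED_URLS is
copied from the report's Malware Config section; SAMPLE_PROXY_LOG is
constructed for the demo and does not come from any real environment.
"""
from urllib.parse import urlsplit

EXTRACTED_URLS = [
    "https://obob.tv/content/rpKmYv/",
    "http://infoprocenter.com/wp-admin/MSInfo/",
    "http://miprimercamino.com/cgi-bin/AJ09AzChrK/",
    "http://mobilepro-tm.online/wp-admin/VGX/",
    "https://www.terrakulturegallery.com/wp-admin/ZNg6V7pv/",
    "http://bingdaofuzhu.com/wp-content/L/",
]

# Constructed proxy log, one request per line: "timestamp client method url status".
SAMPLE_PROXY_LOG = """\
2021-01-20T14:02:11Z 10.0.0.23 GET http://infoprocenter.com/wp-admin/MSInfo/ 200
2021-01-20T14:02:40Z 10.0.0.23 GET http://infoprocenter.com/index.php 200
2021-01-20T14:03:05Z 10.0.0.31 GET https://example.com/ 200
2021-01-20T14:03:12Z 10.0.0.23 GET http://bingdaofuzhu.com/wp-content/L/?x=1 404
2021-01-20T14:03:30Z 10.0.0.23 GET https://terrakulturegallery.com/wp-admin/ZNg6V7pv/ 200
"""


def norm_host(host):
    """Lower-case and drop a leading 'www.' so both forms of a site match."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def defang(url):
    """Render a URL non-clickable for tickets and reports (hxxp, [.])."""
    scheme, rest = url.split("://", 1)
    host, sep, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{sep}{path}"


def build_indicators(urls):
    """Split each URL into host and path so they can be matched with different weight."""
    iocs = []
    for u in urls:
        p = urlsplit(u)
        iocs.append({
            "url": u,
            "host": norm_host(p.hostname),
            "path": p.path,
            # wp-admin/ and wp-content/ are WordPress paths: likely a compromised
            # legitimate site, so the host alone is weak evidence.
            "cms_path": p.path.startswith(("/wp-admin/", "/wp-content/")),
        })
    return iocs


def classify_request(host, path, iocs):
    """'full' if host and path prefix match an IOC, 'host-only' if only the host does."""
    host = norm_host(host)
    verdict = None
    for ioc in iocs:
        if ioc["host"] != host:
            continue
        if path.startswith(ioc["path"]):
            return "full"
        verdict = "host-only"
    return verdict


def scan_proxy_log(log_text, iocs):
    """Return (client, url, verdict) for every request that touches an indicator."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        p = urlsplit(url)
        if not p.hostname:
            continue
        verdict = classify_request(p.hostname, p.path or "/", iocs)
        if verdict:
            hits.append((client, url, verdict))
    return hits


if __name__ == "__main__":
    iocs = build_indicators(EXTRACTED_URLS)
    for ioc in iocs:
        print(defang(ioc["url"]), "(CMS path)" if ioc["cms_path"] else "")
    for client, url, verdict in scan_proxy_log(SAMPLE_PROXY_LOG, iocs):
        print(f"{verdict:9} {client} {defang(url)}")
```

A full-path hit on one of these URLs from a workstation that just opened a .doc is worth an immediate triage; a host-only hit on a site like infoprocenter.com may simply be a user visiting the legitimate front page of a compromised host, so it is reported at a lower weight rather than dropped.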
Targets
Target: SecuriteInfo.com.W97M.DownLoader.5071.839.19187 (size and hashes as in General above)
Score: 10/10
Signatures
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices: attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour (this is the sandbox's generic description of the rule; for a sample classified as a macro downloader, drive enumeration is just as consistent with environment or sandbox reconnaissance, so do not classify the sample as ransomware on this signature alone).
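Of the signatures listed, the first is the one most worth turning into an endpoint detection: a Word process has almost no legitimate reason to start a shell or script host. The following Python is an added example, not the sandbox's rule and not part of this report. It evaluates process-creation records shaped like Sysmon Event ID 1 fields (ParentImage, Image, CommandLine, Computer); the sample events, hostnames and command lines are constructed, and the allow and block lists of child process names are the author's starting point rather than a published standard.

```python
"""Detect Office applications spawning unexpected child processes.

Added example: this is not the sandbox's rule and not part of the report.
Events are constructed in the shape of Sysmon Event ID 1 (ProcessCreate)
fields ParentImage, Image, CommandLine and Computer; hosts, paths and
command lines are made up.
"""
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Children a document has no business starting, but a macro dropper needs.
LOLBIN_CHILDREN = {
    "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe", "bitsadmin.exe",
}

# Children Office starts legitimately (print spooler proxy, crash reporting).
BENIGN_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe"}

# PowerShell switches and cmdlets that mark an encoded or downloading payload.
PS_ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}
PS_DOWNLOAD_MARKERS = ("downloadstring", "downloadfile", "invoke-webrequest",
                       "start-bitstransfer", "net.webclient")

# Constructed events; the first and last are what a macro downloader looks like.
SAMPLE_EVENTS = [
    {"Computer": "ws01",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -enc <base64>"},
    {"Computer": "ws01",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 12288"},
    {"Computer": "ws02",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -File C:\scripts\backup.ps1"},
    {"Computer": "ws03",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"Computer": "ws01",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
]


def basename(path):
    """Case-insensitive file name from a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def evaluate(event):
    """Return (severity, reason) for an alert-worthy event, else None."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    if parent not in OFFICE_PARENTS or child in BENIGN_CHILDREN:
        return None
    if child not in LOLBIN_CHILDREN:
        # Unknown child of an Office app: worth a look, but not a LOLBin.
        return "medium", f"{parent} spawned unlisted child {child}"
    severity = "high"
    if child == "powershell.exe":
        cmd = event.get("CommandLine", "").lower()
        tokens = set(cmd.split())
        if tokens & PS_ENCODED_FLAGS or any(m in cmd for m in PS_DOWNLOAD_MARKERS):
            severity = "critical"
    return severity, f"{parent} spawned {child}"


def find_alerts(events):
    """Evaluate a batch of events; keep the host so the analyst can pivot."""
    alerts = []
    for ev in events:
        verdict = evaluate(ev)
        if verdict:
            alerts.append((ev.get("Computer", "?"), *verdict))
    return alerts


if __name__ == "__main__":
    for host, severity, reason in find_alerts(SAMPLE_EVENTS):
        print(f"{severity:8} {host}: {reason}")
```

The parent check is done on the image file name rather than the full path so that 32-bit and 64-bit Office installs match the same rule; the benign list exists because the print spooler proxy and the crash reporter are routinely started by Word and would otherwise page the on-call for every print job. In the sandbox context of this report, the second behavioural task (win10v20201028) is the image on which such telemetry would most resemble a modern endpoint.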