General
Target: E1-2021-01-20_1545.zip
Size: 83KB
Sample: 210120-673fc5xcjx
MD5: d8f03539e4eda59180bd91696e308372
SHA1: 7cc0c5ee1645998b2113424786a8480fbbf13218
SHA256: 209485fc97ce94573384397cf83846ddd453636ed7cb382725cd6fd961f4de40
SHA512: 1d5293c5afcfc2ad763d9486e9a7964daba7b30f0ddf6d5c2c5717bf26e25b404a5a5180100c25dde798291b32d66ffb4dc5f8de836188ffb5e32c3407cd0137
Behavioral task: behavioral1
Sample: 6f2b4dc371f7e78131448b5d4d9ab02944ee666aa75a817d14fc8a59a0962a34.doc
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 6f2b4dc371f7e78131448b5d4d9ab02944ee666aa75a817d14fc8a59a0962a34.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: 6f2b4dc371f7e78131448b5d4d9ab02944ee666aa75a817d14fc8a59a0962a34.doc
Size: 157KB
MD5: d70c5c808a719bbd58930c42ffe7b105
SHA1: 2aee11676a88e56ce67213f8ee1005ebb9835469
SHA256: 6f2b4dc371f7e78131448b5d4d9ab02944ee666aa75a817d14fc8a59a0962a34
SHA512: f14f20a6bf985db46c26cf806ae6a23c8c26175772e91fb5ef816e2ada9a8315258316b654600e6cc39aeab02c58f90dc6e4e77eaa17da4499d64786ff0a2573
Score: 10/10

Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory
Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.