General
Target
E1-20210120-xxxx.zip
Size
83KB
Sample
210120-cxpvkvzryj
MD5
6d0ae70e23c1c9acebe404b0b8b53dd3
SHA1
8501e30709b8cb126bd56d10b247a7dd700db038
SHA256
1c064b17f6fa7744770a9a8465c41bf2f6711bf65b9992763be5f792b756cf0f
SHA512
3a4cae8e5c6bdf6b7a41172cecfde897a983606130ee384484b30c6150157d44b3eae9a704aa21f2b48bda783bb18be0b66ef7400b2690fe3b00cd95979c06cb
Behavioral task
behavioral1
Sample
Mes 53060.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Mes 53060.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Target
Mes 53060.doc
Size
162KB
MD5
5d6e34e6e9d3025d3fbf43075c149965
SHA1
3f38dc61f0d24411753e55f5abb8a3eb3bcd9a6a
SHA256
9811dc518086c80be81829db246a7e7dce042b6630d27f2f8361608e655d7aa9
SHA512
97d4c04ff6a82ca7462caf411e6bdb408d7098884315da2f130a852c16c25a783af1f2a90a10d3689fedcbb576a9a4ae53151eda0e1d581f7eec762a907ab4d9
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory