General
Target: rep 20210120.zip
Size: 84KB
Sample: 210120-ltr2qjk152
MD5: 07267d9ad1ba80cc76c04522a098a1b4
SHA1: 613fec9139a6d5a4ae3221bdab1caa344be0985b
SHA256: d1ca9cd6c0c7180ba5b5b2d311206df33940aafe7b2ad1c75bd32ba50a2172f5
SHA512: dc6a86e2fdb583811e16ced3a413dac5069f75123a411fb79fb0843fb9de8b5e3ef67b0d5dc9abf39f4a104b41945da723c1eba25b96699de9769d054b7bd3ae
Behavioral task: behavioral1
Sample: rep 20210120.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: rep 20210120.doc
Size: 159KB
MD5: d6bb5641cb83904a539d884ae714a6e8
SHA1: 173e25426b46cc14fb5abc49bfb2b33e81fa9fc3
SHA256: a74e6ac25d9467a56677ba91de26323ebb0f5d3da5ab8c734e5e33d7ecd275f4
SHA512: 901ebc7c64ad69902c8ad0037ceaee9c85755e74a78ca32e5046291f91470e848f3662125529915c8468fbbbaf75829f78bb8eedadd4778c6d6d1b530f1805e5
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.