General
-
Target
E1-20210120_1545
-
Size
157KB
-
Sample
210120-sstphl7q5n
-
MD5
d70c5c808a719bbd58930c42ffe7b105
-
SHA1
2aee11676a88e56ce67213f8ee1005ebb9835469
-
SHA256
6f2b4dc371f7e78131448b5d4d9ab02944ee666aa75a817d14fc8a59a0962a34
-
SHA512
f14f20a6bf985db46c26cf806ae6a23c8c26175772e91fb5ef816e2ada9a8315258316b654600e6cc39aeab02c58f90dc6e4e77eaa17da4499d64786ff0a2573
Malware Config
Extracted
http://zhongsijiacheng.com/wp-content/jn5/
http://artistascitizen.com/wp-content/Bx3cr6/
http://ombchardin.com/archive/V/
https://apsolution.work/magneti-marelli-zkkmb/toq7Eiy/
https://happycheftv.com/wp-admin/z6uGcbY/
https://careercoachconnection.com/tenderometer/4K/
https://tacademicos.com/content/JbF68i/
Targets
-
-
Target
E1-20210120_1545
-
Size
157KB
-
MD5
d70c5c808a719bbd58930c42ffe7b105
-
SHA1
2aee11676a88e56ce67213f8ee1005ebb9835469
-
SHA256
6f2b4dc371f7e78131448b5d4d9ab02944ee666aa75a817d14fc8a59a0962a34
-
SHA512
f14f20a6bf985db46c26cf806ae6a23c8c26175772e91fb5ef816e2ada9a8315258316b654600e6cc39aeab02c58f90dc6e4e77eaa17da4499d64786ff0a2573
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-