General
- Target: d09519bde691d7455090dd8d77cc6035dd1ddf8ce5d7b437dbd4f3bae9ba3fb9
- Size: 165KB
- Sample: 210121-hzkvyybqjn
- MD5: 66b23254a90dbfe8ee080e6c86959ab3
- SHA1: 0013f337fcacdbead3c981ad96cbfc888de5c966
- SHA256: d09519bde691d7455090dd8d77cc6035dd1ddf8ce5d7b437dbd4f3bae9ba3fb9
- SHA512: 1d5715a9e3523152744962ff5c0366f75aa62cda869607db5f006fe27bb993eab6816b16062bc75fc68c75913663fddec566631562bb4c8e4d6b51bbf03fcc56

Behavioral task
- Task: behavioral1
- Sample: d09519bde691d7455090dd8d77cc6035dd1ddf8ce5d7b437dbd4f3bae9ba3fb9.doc
- Resource: win10v20201028

Malware Config
Extracted:
- http://covisiononeness.org/new/F9v/
- https://www.oshiscafe.com/wp-admin/5Dm/
- https://lionrockbatteries.com/wp-snapshots/C/
- https://www.schmuckfeder.net/reference/ubpV/
- http://cirteklink.com/F0xAutoConfig/1Zb4/
- https://nimbledesign.miami/wp-admin/C/
- http://xunhong.net/sys-cache/D0/

Targets
- Target: d09519bde691d7455090dd8d77cc6035dd1ddf8ce5d7b437dbd4f3bae9ba3fb9
- Size: 165KB
- MD5: 66b23254a90dbfe8ee080e6c86959ab3
- SHA1: 0013f337fcacdbead3c981ad96cbfc888de5c966
- SHA256: d09519bde691d7455090dd8d77cc6035dd1ddf8ce5d7b437dbd4f3bae9ba3fb9
- SHA512: 1d5715a9e3523152744962ff5c0366f75aa62cda869607db5f006fe27bb993eab6816b16062bc75fc68c75913663fddec566631562bb4c8e4d6b51bbf03fcc56
- Score: 10/10

- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.