General
-
Target
info 3136 612120.doc
-
Size
160KB
-
Sample
210121-q6bqe5ftzx
-
MD5
09118dcb9b739693c1d20b20479e84f2
-
SHA1
b52006dc398917635ff877cc819aaa5572ee323e
-
SHA256
fadcd976d1dd0e598ae9986a587216d8ab796424e2ca7ae15cc4bdbddde3ee28
-
SHA512
bf4e1ddfe636eee9ebfcf0802f654badac71a1b7e0ef536c63779925a4c3c82e9681d958ebc5e387bdcb91dd15b4475f93a5b03726b4459eb586f2c37b9c6731
Malware Config
Extracted
http://ketorecipesfit.com/wp-admin/afanv/
http://mertelofis.com/wp-content/As0/
http://givingthanksdaily.com/CP/
http://datawyse.net/0X3QY/
http://cs.lcxxny.com/wp-includes/E3U8nn/
http://makiyazhdoma.ru/blocked/tgEeW8M/
http://trustseal.enamad.ir.redshopfa.com/admit/wJJvvG/
Targets
-
-
Target
info 3136 612120.doc
-
Size
160KB
-
MD5
09118dcb9b739693c1d20b20479e84f2
-
SHA1
b52006dc398917635ff877cc819aaa5572ee323e
-
SHA256
fadcd976d1dd0e598ae9986a587216d8ab796424e2ca7ae15cc4bdbddde3ee28
-
SHA512
bf4e1ddfe636eee9ebfcf0802f654badac71a1b7e0ef536c63779925a4c3c82e9681d958ebc5e387bdcb91dd15b4475f93a5b03726b4459eb586f2c37b9c6731
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-