General
Target: f61e88107c42c1af97e24dcfcb14abfbe34e5e9ed02b00866ed97bf7e138ecc8
Size: 164KB
Sample: 210121-x4z6lnbpnn
MD5: f56c4babc2174f4557e379e4363ac9d5
SHA1: 9c84b2c45f054d6be8bf851b2ec0c8ab645e0ed7
SHA256: f61e88107c42c1af97e24dcfcb14abfbe34e5e9ed02b00866ed97bf7e138ecc8
SHA512: eba57a5df8cc10d48bc08f39e0f43498234641aac1264f063edeae1052f65b498f53a342ba31033661a6e1669e6433cac4119295632b48503e9bcefa5b1d640f
Behavioral task: behavioral1
Sample: f61e88107c42c1af97e24dcfcb14abfbe34e5e9ed02b00866ed97bf7e138ecc8.doc
Resource: win10v20201028
Malware Config
Extracted URLs (seven entries recovered from the sample's configuration):
http://covisiononeness.org/new/F9v/
https://www.oshiscafe.com/wp-admin/5Dm/
https://lionrockbatteries.com/wp-snapshots/C/
https://www.schmuckfeder.net/reference/ubpV/
http://cirteklink.com/F0xAutoConfig/1Zb4/
https://nimbledesign.miami/wp-admin/C/
http://xunhong.net/sys-cache/D0/
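The extracted URL list is the most directly actionable part of this report. The block below is an added example (not part of the sandbox report or its tooling): it normalises the seven URLs into host-and-path indicators and hunts for them in proxy logs, distinguishing a hit on the exact path (strong) from a request to the same host on an unrelated path (weak, because several of these paths sit under wp-admin or similar directories on what look like otherwise ordinary sites). The proxy log lines and their column layout are constructed for the example.

```python
# Added example (not part of the sandbox report): turn the extracted URL list
# into indicators and hunt for them in proxy logs. Log lines are constructed.
from urllib.parse import urlsplit

# The seven URLs extracted from the sample's configuration, as listed in the report.
EXTRACTED_URLS = [
    "http://covisiononeness.org/new/F9v/",
    "https://www.oshiscafe.com/wp-admin/5Dm/",
    "https://lionrockbatteries.com/wp-snapshots/C/",
    "https://www.schmuckfeder.net/reference/ubpV/",
    "http://cirteklink.com/F0xAutoConfig/1Zb4/",
    "https://nimbledesign.miami/wp-admin/C/",
    "http://xunhong.net/sys-cache/D0/",
]


def parse_iocs(urls):
    """Normalise each URL into a (host, path) indicator. The scheme is ignored
    so that a retry over http instead of https still matches."""
    iocs = []
    for url in urls:
        parts = urlsplit(url.strip())
        iocs.append({
            "host": (parts.hostname or "").lower(),
            "path": parts.path.rstrip("/") or "/",
            "url": url,
        })
    return iocs


def classify_request(url, iocs):
    """Return ('url', ioc) for a request to the indicator path or anything below
    it, ('host', ioc) for the same host on another path, or None for no match."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/") or "/"
    for ioc in iocs:
        if host != ioc["host"]:
            continue
        if path == ioc["path"] or path.startswith(ioc["path"] + "/"):
            return "url", ioc["url"]
        return "host", ioc["url"]
    return None


# Constructed proxy log lines (assumed layout: timestamp client method url status).
SAMPLE_PROXY_LOG = [
    "2021-01-21T10:02:11Z 10.0.0.12 GET https://www.oshiscafe.com/wp-admin/5Dm/ 200",
    "2021-01-21T10:02:13Z 10.0.0.12 GET http://cirteklink.com/F0xAutoConfig/1Zb4/payload.bin 404",
    "2021-01-21T10:05:00Z 10.0.0.44 GET https://example.com/index.html 200",
    "2021-01-21T10:06:30Z 10.0.0.44 GET http://xunhong.net/wp-login.php 200",
]


def hunt(log_lines, iocs):
    """Return a hit record for every log line that touches an indicator."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than abort the hunt
        ts, client, method, url, status = fields[:5]
        verdict = classify_request(url, iocs)
        if verdict is not None:
            hits.append({"ts": ts, "client": client, "method": method, "url": url,
                         "status": status, "match": verdict[0], "ioc": verdict[1]})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_PROXY_LOG, parse_iocs(EXTRACTED_URLS)):
        print(f'{hit["match"]:4} {hit["client"]} -> {hit["url"]} (ioc: {hit["ioc"]})')
```

Matching on host plus path prefix rather than the literal string catches a retry over the other scheme and any file fetched from below the indicator directory, while a 404 still counts as a hit: the client attempted the download, which is the fact an incident responder needs.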
Targets
Target: f61e88107c42c1af97e24dcfcb14abfbe34e5e9ed02b00866ed97bf7e138ecc8 (164KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Score: 10/10
Signatures
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  (This is the generic description attached to the signature; drive enumeration on its own is weak evidence of ransomware and should be weighed together with the other signatures listed here.)
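The first two signatures map directly onto endpoint detection rules: an Office application starting a child it has no business starting, and a script host or similar utility then making an outbound connection. The block below is an added example (not part of the sandbox report or its detection engine) that implements both over Sysmon-style process-creation and network-connection events. The event records, the list of expected Office children and the network blocklist are all assumptions constructed for the example; the destination host is taken from the report's extracted URLs.

```python
# Added example (not part of the sandbox report): detection logic for the
# "unexpected child process" and "blocklisted process makes network request"
# signatures, run over constructed Sysmon-style process and network events.
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children an Office process is expected to start (assumption; tune per estate).
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe"}
# Script hosts and utilities whose outbound connections warrant an alert (assumed list).
NETWORK_BLOCKLIST = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                     "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}


def basename(path):
    return ntpath.basename(path).lower()


def office_ancestor(pid, procs):
    """Walk the recorded parent chain; return the first Office image found, if any."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        image, ppid = procs[pid]
        if image in OFFICE_PARENTS:
            return image
        pid = ppid
    return None


def detect(events):
    procs = {}   # pid -> (image basename, parent pid), built from process events
    alerts = []
    for ev in events:
        if ev["type"] == "process":
            child, parent = basename(ev["image"]), basename(ev["parent"])
            procs[ev["pid"]] = (child, ev["ppid"])
            if parent in OFFICE_PARENTS and child not in EXPECTED_OFFICE_CHILDREN:
                alerts.append({"rule": "office_unexpected_child", "pid": ev["pid"],
                               "parent": parent, "child": child, "cmdline": ev["cmdline"]})
        elif ev["type"] == "network":
            image = basename(ev["image"])
            if image in NETWORK_BLOCKLIST:
                alerts.append({"rule": "blocklisted_process_network", "pid": ev["pid"],
                               "image": image,
                               "dest": f'{ev["dest_host"]}:{ev["dest_port"]}',
                               "office_ancestor": office_ancestor(ev["pid"], procs)})
    return alerts


# Constructed events. A Word process starts cmd.exe, which starts PowerShell,
# which then connects out; a print helper and a browser are included as benign noise.
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PWSH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "ppid": 3980, "image": WINWORD,
     "parent": r"C:\Windows\explorer.exe", "cmdline": 'WINWORD.EXE /n "invoice.doc"'},
    {"type": "process", "pid": 5100, "ppid": 4120, "image": r"C:\Windows\splwow64.exe",
     "parent": WINWORD, "cmdline": "splwow64.exe 12288"},
    {"type": "process", "pid": 5012, "ppid": 4120, "image": r"C:\Windows\System32\cmd.exe",
     "parent": WINWORD, "cmdline": "cmd.exe /c powershell.exe -NoP -W Hidden"},
    {"type": "process", "pid": 5040, "ppid": 5012, "image": PWSH,
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "powershell.exe -NoP -W Hidden"},
    {"type": "network", "pid": 5040, "image": PWSH,
     "dest_host": "www.oshiscafe.com", "dest_port": 443},
    {"type": "network", "pid": 6000,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "example.com", "dest_port": 443},
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Recording the parent chain lets the network alert say whether the connecting process descends from an Office application, which is what turns two medium-confidence signals into the high-confidence verdict the report reaches; a blocklisted process with no Office ancestor is far more often an administrator's script.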