General
-
Target
4561fa98806bbbf102445b2e7c4fe9075a9331c89c21dd346dd5cb57c1ba7c7c
-
Size
174KB
-
Sample
210122-nqcmg3c6z2
-
MD5
72fa50e0c16c480f22517423887a3a94
-
SHA1
8060a306d40bbd25cd0f38e8a77ce0559a0e328b
-
SHA256
4561fa98806bbbf102445b2e7c4fe9075a9331c89c21dd346dd5cb57c1ba7c7c
-
SHA512
cb38c2bd45105bbad5934eacaad1d1f9f5b03fcc61f5cd92097d86aeaffb4331c8d4855faf07fe008f90a62ad19f315119bc47d137ac52ff8c974874459935fc
Behavioral task
behavioral1
Sample
4561fa98806bbbf102445b2e7c4fe9075a9331c89c21dd346dd5cb57c1ba7c7c.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-