General
-
Target
c56e64333878661b5c0a2ca6fafb49c64b2c59dcbbc71dfb9835e5b22d7a80ff
-
Size
171KB
-
Sample
210122-wmsgsfn5cj
-
MD5
ba632fe645d76726a8d8e21d01c7bd93
-
SHA1
4c71e4171052f9d9021fb2a2b49c9c5d4f9f6262
-
SHA256
c56e64333878661b5c0a2ca6fafb49c64b2c59dcbbc71dfb9835e5b22d7a80ff
-
SHA512
c6c0117a235a5a7eaf4ddff2fdb98f392009ebab7af7565d40ac5057f1df1f9d1f8b2a855863b98c6bc93041f15bc13cbe2d2b540ac26752b1243a9e6eb19645
Malware Config
Extracted
http://coworkingplus.es/wp-admin/FxmME/
http://silkonbusiness.matrixinfotechsolution.com/js/q26/
https://bbjugueteria.com/s6kscx/Z/
https://www.bimception.com/wp-admin/sHy5t/
http://armakonarms.com/wp-includes/fz/
http://alugrama.com.mx/t/2/
http://homecass.com/wp-content/iF/
Targets
-
-
Target
c56e64333878661b5c0a2ca6fafb49c64b2c59dcbbc71dfb9835e5b22d7a80ff
-
Size
171KB
-
MD5
ba632fe645d76726a8d8e21d01c7bd93
-
SHA1
4c71e4171052f9d9021fb2a2b49c9c5d4f9f6262
-
SHA256
c56e64333878661b5c0a2ca6fafb49c64b2c59dcbbc71dfb9835e5b22d7a80ff
-
SHA512
c6c0117a235a5a7eaf4ddff2fdb98f392009ebab7af7565d40ac5057f1df1f9d1f8b2a855863b98c6bc93041f15bc13cbe2d2b540ac26752b1243a9e6eb19645
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-