General
-
Target
082472570fda4d20316e89641483eb7809037a15cd1ce03950e34f68fa052417
-
Size
172KB
-
Sample
210122-xnxqkb8zk6
-
MD5
23ea130e0401a2edcd50cbe903fa877d
-
SHA1
2ef2d50396da0c712ff082db5825546bcac66967
-
SHA256
082472570fda4d20316e89641483eb7809037a15cd1ce03950e34f68fa052417
-
SHA512
b6493aedfd114a173062535310eaf296e7d42463d75451d5beecc9def0dd10cc23567ac518e609e80503a789652fca296aae72973803de2c85dfbff7175e7719
Malware Config
Extracted
http://coworkingplus.es/wp-admin/FxmME/
http://silkonbusiness.matrixinfotechsolution.com/js/q26/
https://bbjugueteria.com/s6kscx/Z/
https://www.bimception.com/wp-admin/sHy5t/
http://armakonarms.com/wp-includes/fz/
http://alugrama.com.mx/t/2/
http://homecass.com/wp-content/iF/
Targets
-
-
Target
082472570fda4d20316e89641483eb7809037a15cd1ce03950e34f68fa052417
-
Size
172KB
-
MD5
23ea130e0401a2edcd50cbe903fa877d
-
SHA1
2ef2d50396da0c712ff082db5825546bcac66967
-
SHA256
082472570fda4d20316e89641483eb7809037a15cd1ce03950e34f68fa052417
-
SHA512
b6493aedfd114a173062535310eaf296e7d42463d75451d5beecc9def0dd10cc23567ac518e609e80503a789652fca296aae72973803de2c85dfbff7175e7719
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-