General
-
Target
documentation_ (45).zip
-
Size
15KB
-
Sample
210219-8qa3jl71xs
-
MD5
fc71d024029e6d2031f77ca760a03605
-
SHA1
e0b9029e60523fa91c0f798cdb634c7f2ca5ddd9
-
SHA256
3c56cea361910392c862fd2c4bf0284dbd41f25302b5eac8b973c9b8cdfc0257
-
SHA512
2ce900acd659ce1d801557d3a4d6413b57925bf0fb2612de7a9d3a82ddcd384c260b6699b682bb6d233ff6c39b65dc1228dcc9f84e478395cca40a0720b4d6c3
Malware Config
Extracted
https://miraclecollagen.co.za/ds/1802.gif
Targets
-
-
Target
document-2030967645.xls
-
Size
88KB
-
MD5
362ea37f484bb488fbc8eb28a3f518c1
-
SHA1
aea751439ece3c00c78e97790851a371b410ff61
-
SHA256
924f83df51afb845cbb6672af63e6759b778c0e43da99989ed74db1dbf61a39e
-
SHA512
5a7dfd37480362993e33a4bd04408bd7f5b57be002dcd7f5c5f119d2268ad0b056aa54a54a3ba0a5e4f170cb40c6bf8058e8ee137a01f934ba7afe4d9d4472d1
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Loads dropped DLL
-