General
-
Target
f9daa18f5b5f3b861192e888a93bc2bd54a5a29ed0b489860aa5f8fb96afc0d4.zip
-
Size
19KB
-
Sample
210302-8xphqwb5vn
-
MD5
16b96e53a45464af08b2055a085095ab
-
SHA1
06598d50938181ce7bfb438653c1bf96b469c1af
-
SHA256
b5b2501e8edbbfbe98a9a37d832c6beeb142258af1931fb7efbeb71816d346e9
-
SHA512
e8f7fd78f5cdc5cd418f2de7f63294d5600e740c52fb613675e7344a907f6b4ffb135a13cd9a3255da330624755b62c4643bab2310adef3511bd6788d773512c
Behavioral task
behavioral1
Sample
537.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
537.xls
Resource
win10v20201028
Malware Config
Extracted
http://metodotiza.com/server.php
Targets
-
Target
537.xls
-
Size
59KB
-
MD5
1080ea3405d7fda958c134b22779eba9
-
SHA1
a084dd81df0f23687f861e903bb7a5e1f8cb4956
-
SHA256
f9daa18f5b5f3b861192e888a93bc2bd54a5a29ed0b489860aa5f8fb96afc0d4
-
SHA512
e4a26cf1c55c85c76716a336739c00afcfc412a35ec2b0a1148989f7f91e53a84d118ad3ce312ec247da2f4105fb68028725d1cb1c372cb387c9fc616264c9c2
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself
-