General
-
Target
05504-122020.doc
-
Size
208KB
-
Sample
210309-hkndb1zras
-
MD5
129154ace2845c087bbd66916306f1fb
-
SHA1
65b731e5b97c63e59c03d2571de02414d4912eeb
-
SHA256
effe6ed0eaae43f9ab347679a9abfe647cc606e64c1f742259f8ddc73f58923a
-
SHA512
6616267e59fb1fb124b032b800b54d664ed44d8cdcd1ab3851d3fb90746e6264aee748956badbc0327a3b4f05b03c52c7331c9a1a1b7681443037f3273cdfd4a
Malware Config
Extracted
http://anjumanclick.com/q/kvM/
https://duocnhanhoa.com/wp-admin/J5JbVEY/
https://yellomosquito.com/wp-includes/w/
https://thaithienson.net/wp-admin/EksZXO/
http://penambahberatbadan.info/r/pXPKwJ/
https://thienloc.org/data-sgp-kgfig/AaK/
https://ecomdemo2.ogsdev.net/wp-content/zWWB/
Targets
-
-
Target
05504-122020.doc
-
Size
208KB
-
MD5
129154ace2845c087bbd66916306f1fb
-
SHA1
65b731e5b97c63e59c03d2571de02414d4912eeb
-
SHA256
effe6ed0eaae43f9ab347679a9abfe647cc606e64c1f742259f8ddc73f58923a
-
SHA512
6616267e59fb1fb124b032b800b54d664ed44d8cdcd1ab3851d3fb90746e6264aee748956badbc0327a3b4f05b03c52c7331c9a1a1b7681443037f3273cdfd4a
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-