General
-
Target
T184213_2020.doc
-
Size
208KB
-
Sample
210309-nl5ng5e3tj
-
MD5
5e106f61c1d088f599c47cf756592171
-
SHA1
829d57a809bc9a5ed24afc2beca25703dd48859e
-
SHA256
e725bc02dd4202860e222fe77a07432c587de089daa010f4543451a945236d9d
-
SHA512
03dafd4aee8a06b0d1da43eefb8f67bcd3b06eff79b8f3b7cad907e6c569928a112c95a812d1a6f90a725bb5a106aa065726ee4f429760174b79d3307584b263
Malware Config
Extracted
http://anjumanclick.com/q/kvM/
https://duocnhanhoa.com/wp-admin/J5JbVEY/
https://yellomosquito.com/wp-includes/w/
https://thaithienson.net/wp-admin/EksZXO/
http://penambahberatbadan.info/r/pXPKwJ/
https://thienloc.org/data-sgp-kgfig/AaK/
https://ecomdemo2.ogsdev.net/wp-content/zWWB/
Targets
-
-
Target
T184213_2020.doc
-
Size
208KB
-
MD5
5e106f61c1d088f599c47cf756592171
-
SHA1
829d57a809bc9a5ed24afc2beca25703dd48859e
-
SHA256
e725bc02dd4202860e222fe77a07432c587de089daa010f4543451a945236d9d
-
SHA512
03dafd4aee8a06b0d1da43eefb8f67bcd3b06eff79b8f3b7cad907e6c569928a112c95a812d1a6f90a725bb5a106aa065726ee4f429760174b79d3307584b263
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-