General
-
Target
Complaint-Letter-641255205-03102021.zip
-
Size
50KB
-
Sample
210311-3aqz95fzfn
-
MD5
e61dfa64c54e8219e2839226e144da62
-
SHA1
70bc8a8e02694a546de31df1707613e4ec15026c
-
SHA256
10dcbbb94986d7078525942a32e1ce7a5994db855d91dfb6bc0af4454c275d00
-
SHA512
6384b6f36ec270552d45e922b067543e10b2505426ba2aad2c43f9112b7148b427905253c08e72eeb288e6852f5c3d4fbdb3a65e9198ae150c7ba5c4fd0db9b1
Malware Config
Extracted
http://oracledispatch.com/pijxju/44266.8774986111.dat
http://alvaelectrical.ir/jfvrrvwxrsv/44266.8774986111.dat
http://www.bekagayrimenkul.com/xtgudsvqubbk/44266.8774986111.dat
http://civil-group.ir/rvnhdtkyxgu/44266.8774986111.dat
http://kumarpropack.com/jdvcnedwvpr/44266.8774986111.dat
Targets
-
-
Target
Complaint-Letter-641255205-03102021.xls
-
Size
281KB
-
MD5
e0ba5c610d3096ff98c2ff1d683b7f8e
-
SHA1
cf72fda2892d65a37e710de892672ba75ade3694
-
SHA256
f27b807a56b6166eb9ae91a78ecfbf9abba29fa83970ff81c2ae23aa67df3eae
-
SHA512
97597ccf03e75ddbef2e7f9b25121767dc3a8fb7346f9209cfbfc639449e05edf2832f67ec64e3e8e3e9a60fe820c22b069a39d961abe3ac4bfb579ffa3e2a17
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-