General
-
Target
Cancellation-1833116253-03112021.zip
-
Size
49KB
-
Sample
210312-jqd18j5jha
-
MD5
66c864d39df68c8fc9928a08e1cb4223
-
SHA1
e26b7a099d6a725319c1ffae24a2bf5336c9abfa
-
SHA256
0b5aef42ff5ae678d7ab65b0c2b7824aed3c5215d2755f326a0b5c4cba32f52a
-
SHA512
2e10b2176784218257f2698f73d01e9e349b7d4be0279af6bf57cf1eca73a73ec9edabc3e354735c526857b8850eca5dd233aab8673460d3a162ca7d6c29ab58
Malware Config
Extracted
http://195.123.220.67/44267.5273180556.dat
http://45.150.67.127/44267.5273180556.dat
http://181.215.47.82/44267.5273180556.dat
http://reynare.com/sbazaa/44267.5273180556.dat
http://hosting152231.a2e16.netcup.net/zhrzoxxo/44267.5273180556.dat
Targets
-
-
Target
Cancellation-1833116253-03112021.xls
-
Size
277KB
-
MD5
a1f1f52796d8f655dd0603fb8368ecc0
-
SHA1
af2b833eede2aae9f9dc5862c34ea19b826cc081
-
SHA256
9826463d649ddac393a09764050fc6ebf824d06dc05b8c105fdced3eac4cbc02
-
SHA512
a1e7ed059a4e6686e7bce6542eea97481a25dea93133e982b53c6441bb05eeb3c9bb15ba080d81182b330586135cef85e491e5e948769d945275341ea630067b
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-