General
Target: qbot.zip
Size: 323KB
Sample: 210507-8lf1b6vb2n
MD5: af2e73d50483dd49b73069507117b798
SHA1: e0d1ddbb33217aa9d8217a015b86c1bd7f368dbb
SHA256: 5f1a47f7e929a6563f9b4d18dbefbab17942d63c9738baa0f1c4e9a25152fbb3
SHA512: 77cd1510806ad8615c378c719fba536ecffe86d40fd8b9d950b1637c674ea1f301e648b6a9ee77a3d6b3da10096af1742362c58629c27e916993655fe25d6db5
Behavioral task: behavioral1
Sample: baa952bfeae28062d42e78bed942525b68090b4b43ac2ec8a619d0580bd1acca.xlsm
Resource: win7v20210410
Behavioral task: behavioral2
Sample: baa952bfeae28062d42e78bed942525b68090b4b43ac2ec8a619d0580bd1acca.xlsm
Resource: win10v20210410
Malware Config
Extracted
http://188.127.235.69/44300,5396033565.dat
http://45.144.30.41/44300,5396033565.dat
http://62.109.24.36/44300,5396033565.dat
Targets
Target: baa952bfeae28062d42e78bed942525b68090b4b43ac2ec8a619d0580bd1acca.xlsm
Size: 328KB
MD5: eb1d27c0d19fcaa8b64423e7502baef3
SHA1: 99afdc744ef8f0a7b2e69aca01a10ca8f1eec26b
SHA256: baa952bfeae28062d42e78bed942525b68090b4b43ac2ec8a619d0580bd1acca
SHA512: 2f1bf427662f132f4ea13d3bd69415465fb2b5bf43ad445aba4545b0288c6056a3a5897195a2ddf9e05fac2d87c7e162aee4a946630060873f1c0d5558a0571e
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.