General
-
Target
admin2_rom-18.zip
-
Size
162KB
-
Sample
210709-dh7qx8afsx
-
MD5
ed556ea52324f957bae3c39eff2ab329
-
SHA1
2f812dc80dda0e9179d2c0f29d493c6a7c869376
-
SHA256
a3ff18c770b65e239ac1e68d31c98f5531caf0a10dd233a05ae7e4b818ac6939
-
SHA512
41a421d484c927e75ce6de30ef860b02594d2e8a5c034e21064d217b0547fb5bc4869f9cee69cc1c0f4394823114212e1fe65ebe15f9aae3cd3ff09a054c1011
Behavioral task
behavioral1
Sample
admin2_rom-18/plan-91864468.xlsb
Resource
win7v20210410
Behavioral task
behavioral2
Sample
admin2_rom-18/plan-91864468.xlsb
Resource
win10v20210408
Behavioral task
behavioral3
Sample
plan-91864468.xlsb
Resource
win7v20210410
Behavioral task
behavioral4
Sample
plan-91864468.xlsb
Resource
win10v20210408
Malware Config
Extracted
https://carpascapital.com/gBPg8MtsGbv/ka.html
https://gruasphenbogota.com/C74hwGGxi/ka.html
Targets
-
Target
admin2_rom-18/plan-91864468.xlsb
-
Size
87KB
-
MD5
d3654ca3c955beffd8fe5b3912c93476
-
SHA1
a4efe7a1b6547b7a327d658aca73c648baeaed7f
-
SHA256
2747ecdeecfec43743a8b00a3a4f41cd43496290f7172e22c387714320406b8f
-
SHA512
c1bd5d0157c4d911f4a57b121265db663e9c2f8f98fd3660a57fe36d6155791174dcec85020e406d006427a9a1e14d1eaa7376ee321bde027a073862c705f9d7
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Target
plan-91864468.xlsb
-
Size
87KB
-
MD5
d3654ca3c955beffd8fe5b3912c93476
-
SHA1
a4efe7a1b6547b7a327d658aca73c648baeaed7f
-
SHA256
2747ecdeecfec43743a8b00a3a4f41cd43496290f7172e22c387714320406b8f
-
SHA512
c1bd5d0157c4d911f4a57b121265db663e9c2f8f98fd3660a57fe36d6155791174dcec85020e406d006427a9a1e14d1eaa7376ee321bde027a073862c705f9d7
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.