General
-
Target
b654e1b1f4906be1e6155ad03eba53894dfa66ba899732c7f4cacac7a98d1f6e
-
Size
83KB
-
Sample
220115-bylhwsbge4
-
MD5
bdc6d97b7154f28cc5bfb7d95190a1fa
-
SHA1
37d3583e2cd06ebf7b6ec8768abb635c5a1dd3d9
-
SHA256
b654e1b1f4906be1e6155ad03eba53894dfa66ba899732c7f4cacac7a98d1f6e
-
SHA512
ad96e4126355d96c20fb777cb0ea4aaffe25423cd79b7c779e2b01fd4046c4135250d8273577a034390074dd9adea0dc6adf01313e72d2b89bbe481da29b2016
Behavioral task
behavioral1
Sample
b654e1b1f4906be1e6155ad03eba53894dfa66ba899732c7f4cacac7a98d1f6e.xlsm
Resource
win10-en-20211208
Behavioral task
behavioral2
Sample
b654e1b1f4906be1e6155ad03eba53894dfa66ba899732c7f4cacac7a98d1f6e.xlsm
Resource
win10-en-20211208
Malware Config
Extracted
https://zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/
http://ostadsarma.com/wp-admin/JNgASjNC/
http://govtjobresultbd.xyz/sjjz/UIUhOHsLqjOy9/
Extracted
https://zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/
Targets
-
-
Target
b654e1b1f4906be1e6155ad03eba53894dfa66ba899732c7f4cacac7a98d1f6e
-
Size
83KB
-
MD5
bdc6d97b7154f28cc5bfb7d95190a1fa
-
SHA1
37d3583e2cd06ebf7b6ec8768abb635c5a1dd3d9
-
SHA256
b654e1b1f4906be1e6155ad03eba53894dfa66ba899732c7f4cacac7a98d1f6e
-
SHA512
ad96e4126355d96c20fb777cb0ea4aaffe25423cd79b7c779e2b01fd4046c4135250d8273577a034390074dd9adea0dc6adf01313e72d2b89bbe481da29b2016
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-