General
-
Target
08f4133865fa8c1f178159bd516a53cdae4e3a980e273ab9cac3d2f8964d6a98
-
Size
83KB
-
Sample
220115-fqatmsdadk
-
MD5
c0870d356e8152ed4f29cf722ad17226
-
SHA1
e34bef3eff98785e44eaacdccd045716716c43f8
-
SHA256
08f4133865fa8c1f178159bd516a53cdae4e3a980e273ab9cac3d2f8964d6a98
-
SHA512
9ae78aa91b5ac6bd57a99841ab020110e90ef3782be77f52118abd302f0811b43aa752b1d9a28f2248f2e819a074a6f74ed20dac5076ee58d2c7d7c6a2303cfb
Behavioral task
behavioral1
Sample
08f4133865fa8c1f178159bd516a53cdae4e3a980e273ab9cac3d2f8964d6a98.xlsm
Resource
win10-en-20211208
Behavioral task
behavioral2
Sample
08f4133865fa8c1f178159bd516a53cdae4e3a980e273ab9cac3d2f8964d6a98.xlsm
Resource
win10-en-20211208
Malware Config
Extracted
https://zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/
http://ostadsarma.com/wp-admin/JNgASjNC/
http://govtjobresultbd.xyz/sjjz/UIUhOHsLqjOy9/
Extracted
https://zml.laneso.com/packet/AlvJ8OdtSYEeeCQP/
http://ostadsarma.com/wp-admin/JNgASjNC/
Targets
-
-
Target
08f4133865fa8c1f178159bd516a53cdae4e3a980e273ab9cac3d2f8964d6a98
-
Size
83KB
-
MD5
c0870d356e8152ed4f29cf722ad17226
-
SHA1
e34bef3eff98785e44eaacdccd045716716c43f8
-
SHA256
08f4133865fa8c1f178159bd516a53cdae4e3a980e273ab9cac3d2f8964d6a98
-
SHA512
9ae78aa91b5ac6bd57a99841ab020110e90ef3782be77f52118abd302f0811b43aa752b1d9a28f2248f2e819a074a6f74ed20dac5076ee58d2c7d7c6a2303cfb
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-