General
-
Target
3a60267e07f87febd467eef422489cc51148e9efa3e6151a8120cb7cdbfba962
-
Size
79KB
-
Sample
220418-mrwaasfcb4
-
MD5
10a4f9d6d9227c2b39faa44cc1802369
-
SHA1
2ad597bdd9ede066b7edc4b13bc46c69cbb65680
-
SHA256
3a60267e07f87febd467eef422489cc51148e9efa3e6151a8120cb7cdbfba962
-
SHA512
5cf796fdf9cdcb23a05a134a847506d85b2bcecbb551380c7cdaceb9a37a2b34853cecfa31acc252cc7dd3053f123dfa76e48b6a47ef6f7ccae0f2fad2ea6ef6
Malware Config
Extracted
http://kompy.cba.pl/gif/lN_dl/
http://fisiobianchini.com.br/wp-content/uploads/2016/05/S_U/
http://dev.dimatech.org/wp-admin/Hu_jj/
http://juangrela.com/admin/bB_m/
http://coupedecheveux.org/yu71t1x/c_V/
Targets
-
-
Target
UPS-E67JRV4SZIKQO.js
-
Size
161KB
-
MD5
3a864f7c64c77a701b9aec3dbcb4389f
-
SHA1
1a1cfdbbded9a84be91aac5064a21c591710049c
-
SHA256
46946372c81802503f01b6d9739fd4dd9fe39225973c8b9c22ef625666d48deb
-
SHA512
9d602204fdbb18243c1aa28a293618aa588406a593f949807e30f8b4d20e95b94582687b251b86a10edb9625f7cca89dd8def77cdb86af0acb8300ec08a6d9ac
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-