General
-
Target
b01e71436ccb703fbf02bf0e171f77ac.exe
-
Size
780KB
-
Sample
220507-xsl35acha3
-
MD5
b01e71436ccb703fbf02bf0e171f77ac
-
SHA1
9acda7d69832cbfc66881302b5ab2691ad342c78
-
SHA256
b9e8d2ae255a3b585cd17cbfad39037f0bb9a7691b4977e08d248841017b1b2c
-
SHA512
a69c3969a2a62625604d1bdb1a8fe1e5d69100836d604c32e463b54854d7c60fd6c451246880ac6c84213955bba0bce6123882c16edc3d10ef8b89e5b13f464c
Static task
static1
Behavioral task
behavioral1
Sample
b01e71436ccb703fbf02bf0e171f77ac.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
b01e71436ccb703fbf02bf0e171f77ac.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
b01e71436ccb703fbf02bf0e171f77ac.exe
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-