General
-
Target
dcf91d19c8b8e4703da7aa7e84e4905c4d3284fbe78bc56297f2429472c93822
-
Size
159KB
-
Sample
220520-1eh14adgf9
-
MD5
7ddc710efec2afde585c14b7aab0390d
-
SHA1
ffff91695e0ab3289078686b0f805ecec5fb8d4b
-
SHA256
dcf91d19c8b8e4703da7aa7e84e4905c4d3284fbe78bc56297f2429472c93822
-
SHA512
05a8c4a6e8481bba138de73b6c600ace4eb67b69c20628f07e1cac66143dcdf889357ff313db79cb4d7cb7cd2bcc9c33182a317c0bc1bf062408a02dbef582dd
Malware Config
Extracted
http://www.madonnaball.com/wp-content/Xbc/
http://www.drivingwitharrow.com/wp-content/plugins/w8KF86/
http://totemrussia.com/6uq9udk/pt9G/
http://kaziriad.com/wp-admin/8Y98/
http://movetracker.com/wp-content/MYsw/
Targets
-
-
Target
dcf91d19c8b8e4703da7aa7e84e4905c4d3284fbe78bc56297f2429472c93822
-
Size
159KB
-
MD5
7ddc710efec2afde585c14b7aab0390d
-
SHA1
ffff91695e0ab3289078686b0f805ecec5fb8d4b
-
SHA256
dcf91d19c8b8e4703da7aa7e84e4905c4d3284fbe78bc56297f2429472c93822
-
SHA512
05a8c4a6e8481bba138de73b6c600ace4eb67b69c20628f07e1cac66143dcdf889357ff313db79cb4d7cb7cd2bcc9c33182a317c0bc1bf062408a02dbef582dd
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-