General
-
Target
4efd10977656e5ed1cbe43d472c222ed9d3e62d3cbb10008627f99283da5bda9
-
Size
121KB
-
Sample
220520-1ptkkshcgm
-
MD5
bd704eac1ffc447643fdad580aae59fb
-
SHA1
a00ee4cbc868e78c0436b9e92db21b0df89020f1
-
SHA256
4efd10977656e5ed1cbe43d472c222ed9d3e62d3cbb10008627f99283da5bda9
-
SHA512
e16d4c4e8c6031eac1cb6258d480c5400fb921bd814035145d4432f4be43bcecf0d4088e38bcd4d2ecbaffeba83a9cd4d727b5d12f47396b7e5d59a86300eb88
Malware Config
Extracted
http://casaroomz.com/wp-includes/rPG/
http://necibekulac.com/wp-content/dTl4ul/
https://www.homeonetechnologies.com/blog/dcy/
http://todoparaelconfort.com/cgi-bin/wp/
http://aadarshitibhusawal.org/wp-includes/amI/
http://digiarmedia.com/wp-admin/8/
http://avcumda.com/huseyingulgec.com.tr/cO1DS8G/
Targets
-
-
Target
sample
-
Size
232KB
-
MD5
8d8598ee9e193f9e477b759c8078e681
-
SHA1
91893c67cc6f77e21b38b30441beee6bd66966fb
-
SHA256
7077e1861b7c38362bb30b8e762a64bf3823c4380c25e70c61be682127e850c7
-
SHA512
2e86f70dabbe8ab82a2b15d70dd20dc402fbba2c1cb98e23e8f72e4c4c3098bd7638cbe85ba9027fb128a35dcdc5d3839f4f41a6565decd4da17bfc084f56e7c
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-