General
-
Target
d1471ba011dbddb8345e6f8e2d2fadfd0bce5b7ddbff48ef2a343c5329aa63a3
-
Size
216KB
-
Sample
220521-adap8aaaf8
-
MD5
60c75628f7aa95b2bd7178631241b149
-
SHA1
14273be13011405c414f5c85cfa2473ac161019a
-
SHA256
d1471ba011dbddb8345e6f8e2d2fadfd0bce5b7ddbff48ef2a343c5329aa63a3
-
SHA512
a6b1a94e7d87ea9b93103ec0b208d2f4f9c5ffe8384323d426b58654b5f7abf078d5ef98e44a5c572d89eca050f9f856c72d9f9964e3df0792f9f38d46f8c989
Malware Config
Extracted
http://zenithenergy.com/wp-admin/E/
http://vietnamv1.com/wp-admin/W/
https://tunicip.com/test035/1n/
http://www.mjplantbased.com/cgi-bin/ht/
http://tamymakeup.com/myclassapp/Rt/
http://ucmasabacusnagpurandchattisgarh.com/App/JVO/
https://gapuragamapersada.com/wp-admin/c/
Targets
-
-
Target
d1471ba011dbddb8345e6f8e2d2fadfd0bce5b7ddbff48ef2a343c5329aa63a3
-
Size
216KB
-
MD5
60c75628f7aa95b2bd7178631241b149
-
SHA1
14273be13011405c414f5c85cfa2473ac161019a
-
SHA256
d1471ba011dbddb8345e6f8e2d2fadfd0bce5b7ddbff48ef2a343c5329aa63a3
-
SHA512
a6b1a94e7d87ea9b93103ec0b208d2f4f9c5ffe8384323d426b58654b5f7abf078d5ef98e44a5c572d89eca050f9f856c72d9f9964e3df0792f9f38d46f8c989
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-