General
-
Target
a0ab609747b185b820ed3a65ba00934adebd2d12689d4a49c21094ac870ff0f4
-
Size
374KB
-
Sample
220521-d7kdasghh5
-
MD5
ecbdef6c8ff15f14f034a8c4193d9dce
-
SHA1
dee8406d77ccdb99e8675aa534f73f058116f8fb
-
SHA256
a0ab609747b185b820ed3a65ba00934adebd2d12689d4a49c21094ac870ff0f4
-
SHA512
c48cf07860f634483aa132964f355cb4a09136a93da2272c77b5f490c63a0e7b24623a3fb43d13f44120021023a2f0754ec15a6970f846c797edd18c2027d70b
Malware Config
Extracted
http://rijschoolfastandserious.nl/rprmloaw/111111.png
http://nanfeiqiaowang.com/tsxwe/111111.png
http://forum.insteon.com/suowb/111111.png
http://webtest.pp.ua/yksrpucvx/111111.png
http://quoraforum.com/btmlxjxmyxb/111111.png
http://quickinsolutions.com/wfqggeott/111111.png
http://bronco.is/pdniovzkgwwt/111111.png
http://studiomascellaro.it/wnzzsbzbd/111111.png
http://craniotylla.ch/vzufnt/111111.png
http://marineworks.eu/dwaunrsamlbq/111111.png
Targets
-
-
Target
08142020_1955816493.doc
-
Size
381KB
-
MD5
8b9a76bee8f32292b25d55383c100d2c
-
SHA1
fe63d6a4046682dabce9cc6e49bc22fbbb8399e4
-
SHA256
a1ea10b25a1dd9165910a6859847f4bc6437f06e4651f8cc31ddf3b9d50be3c2
-
SHA512
9fc9740134ec8bd07b7f18ce2ab4b52136ebce65ed7d5a62493efceb545ba2a1aedd2217360f933f386716ccb5554a0700aef17949b724e7e301ab6cdaa22d15
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-