General
Target: bwboxdub
Size: 224KB
Sample: 220522-f1btpaahdn
MD5: 223975e6f03f5cc32074a00e82f8cf99
SHA1: 1c5e3a86b5acaa1d9b875ded4079dd06f4a4e06b
SHA256: 5df4f10d255d1733e9450ecf67d166c73f6f29bb36efe88d6093a31d31ce0ad4
SHA512: acdba3d37f3b7c5e204fb6ee6fe9de07aae9ff43d5f1c08b536ab6f1b52bed348e21e8b58a3ebb958458ca9cc9d4b8e3fec4ac53d51e3544beb59495c4fed03b
Static task: static1
Behavioral task: behavioral1
Sample: bwboxdub.doc
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: bwboxdub.doc
Resource: win10v2004-20220414-en
Malware Config
Extracted
Targets
Target: bwboxdub
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory