General
-
Target
cbqdedgl
-
Size
238KB
-
Sample
220522-f1h8rsahej
-
MD5
ed4208fb279021678a791818606d3981
-
SHA1
5eb08220ced38b83488ec0403cab60262c90636d
-
SHA256
493fbab43b8eaf0772394866842fa9474e8e54a84894498828af06590dff1cbd
-
SHA512
fe1a4722d90f4120e2e8eb8a43dcfc956c8ea32efc69bd2b88779460af02fa2038342f2483b4d4ef52b886d1500f8e9bbc1ccc3ed4f4a422809030ea3f742aff
Static task
static1
Behavioral task
behavioral1
Sample
cbqdedgl.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cbqdedgl.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://saimission.org/sai/fU/
https://toprakmedia.com/cgi-bin/F/
http://tonmeister-berlin.de/Dokumente/Zqmb3/
http://www.essand.com/test/SOx5LA/
http://gzamora.es/9s52_ou17husakvth9fs_resource/sFe3aa/
http://powerfrog.net/Anna/ifqE/
http://sasystemsuk.com/recruit/H/
Targets
-
-
Target
cbqdedgl
-
Size
238KB
-
MD5
ed4208fb279021678a791818606d3981
-
SHA1
5eb08220ced38b83488ec0403cab60262c90636d
-
SHA256
493fbab43b8eaf0772394866842fa9474e8e54a84894498828af06590dff1cbd
-
SHA512
fe1a4722d90f4120e2e8eb8a43dcfc956c8ea32efc69bd2b88779460af02fa2038342f2483b4d4ef52b886d1500f8e9bbc1ccc3ed4f4a422809030ea3f742aff
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-