General
-
Target
gozljfti
-
Size
170KB
-
Sample
220522-f48mtsbbdl
-
MD5
93c9b98aaab635cfe1fcaf77a6c93467
-
SHA1
e974ec2b417e889ed9a5e26cce5731367233ac9b
-
SHA256
bbccb28da0c926e3bf941fd5d29105048c7e5e2a63ce7fe99bebba6bcd3a204a
-
SHA512
7c36431b34946379272d871a03bd869eb9c9f7d7ba194f2eadcb4bd5e4fd50e276d39badfd0d53160854a1ce27d01dbb50c615e71ef7bddf96cdb9e3904e8150
Malware Config
Extracted
http://cgemtalent.com/open-call/j4x9_rezdf_4/
https://www.spiidgas.com.br/site2/br_o_0f7t/
http://atelierbrasilia.com/site/ja_xek8_7k/
http://ative.nl/Ermelo/sk0vy_nln3_j8thtzh3ia/
http://www.cistilniservis-t530.com/cgi-bin/kif_srz5e_dxo7rqa5k/
Targets
-
-
Target
gozljfti
-
Size
170KB
-
MD5
93c9b98aaab635cfe1fcaf77a6c93467
-
SHA1
e974ec2b417e889ed9a5e26cce5731367233ac9b
-
SHA256
bbccb28da0c926e3bf941fd5d29105048c7e5e2a63ce7fe99bebba6bcd3a204a
-
SHA512
7c36431b34946379272d871a03bd869eb9c9f7d7ba194f2eadcb4bd5e4fd50e276d39badfd0d53160854a1ce27d01dbb50c615e71ef7bddf96cdb9e3904e8150
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-