General
Target: flujakpb
Size: 173KB
Sample: 220522-f4gt4sbahl
MD5: 9dc6c15bd5cadbea76473ca0a61270d0
SHA1: a1e18ac08b98c88a49da1b8afa527468a102fd0d
SHA256: 56916942bc59a1ae0cc030beaf907b54631390e0a5fa7d75bce1f120df88d843
SHA512: ef06ec05fa2463a2f32defb87d796ff0fb88d3d9c8f2169b19683b6620e4e18dab86b69ae8649d59d2cc280293ec1f070443e9d69ad7018b20fee14a789f05a4
Static task: static1
Behavioral task: behavioral1
Sample: flujakpb.doc
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: flujakpb.doc
Resource: win10v2004-20220414-en
Malware Config
Extracted
http://prolicitar.com.br/privilege/VwWMjYDU/
http://proreclame.nl/assets/Riw/
http://www.meltonian.net/Blog/Zaviixl730/
http://www.mollymoody.com/iRVKRMq/
https://mwrouse.com/cs2300/qVJaPCy/
Targets
Target: flujakpb
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory