General
-
Target
fzivjgfe
-
Size
154KB
-
Sample
220522-f4rdjsbbap
-
MD5
40f79fcaa6e497435e1ac54f87fe90ab
-
SHA1
41acbe1239d7c21c6919033da6fd935db6ee1f58
-
SHA256
43af38ecd27585f00463abfee0ca7f492fb36fa862c8d215447d59be27652589
-
SHA512
93e3876bf713ea07d0302cc2f3432c0aa0365e2d3a5d2babe751a198fde4a0c9b4a080804166485e2843a0ec7e071b7748126bdd7d79472ede19c9fad3688d7a
Malware Config
Extracted
http://mediatorstewart.com/service-msc/3zZLr/
http://wolffsachs.com/wp-content/UKZw/
http://ycspreview.com/shubham/h7qna/
http://wi360.com/wp-content/u/
http://linkejet.com.br/cgi-bin/UQ/
http://nuocmambamuoi.vn/wp-admin/Ty/
http://ellinismos1922.gr/log/c99FG/
Targets
-
-
Target
fzivjgfe
-
Size
154KB
-
MD5
40f79fcaa6e497435e1ac54f87fe90ab
-
SHA1
41acbe1239d7c21c6919033da6fd935db6ee1f58
-
SHA256
43af38ecd27585f00463abfee0ca7f492fb36fa862c8d215447d59be27652589
-
SHA512
93e3876bf713ea07d0302cc2f3432c0aa0365e2d3a5d2babe751a198fde4a0c9b4a080804166485e2843a0ec7e071b7748126bdd7d79472ede19c9fad3688d7a
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-