General
-
Target
gempimyh
-
Size
231KB
-
Sample
220522-f4w9ssbbbm
-
MD5
e8c455b9d0a528d8e47a5fa5c949e368
-
SHA1
9fb22350f11a28bf1522fd79c0a94268efee4b22
-
SHA256
4c3f9a91ab8bd67a7de8b61f6d5e49c34a0c3ded123f63205f02d17ff570c204
-
SHA512
c4de4a1b0f2d8b239a5366c922bd400a525dfcc4158442310d5602467ef184d362de16b6ea84756c1f48c7fde65fc520ae3edd8798a1c05daaacff2ae28fefdd
Malware Config
Extracted
http://xn--ruqumz1h0h.com/wp-content/zj/
http://hemalrathod.com/BillGST/6Y/
http://ipeconstrutora.com/cgi-bin/Zf/
http://islamabadtrafficpolice.gov.pk/i/
http://kogeisha.net/kansaiosakanagasaki-kenjinkai/Rxj/
http://lalenga.cl/claudio/oMz/
http://pedantas.eu/wp-snapshots/L/
Targets
-
-
Target
gempimyh
-
Size
231KB
-
MD5
e8c455b9d0a528d8e47a5fa5c949e368
-
SHA1
9fb22350f11a28bf1522fd79c0a94268efee4b22
-
SHA256
4c3f9a91ab8bd67a7de8b61f6d5e49c34a0c3ded123f63205f02d17ff570c204
-
SHA512
c4de4a1b0f2d8b239a5366c922bd400a525dfcc4158442310d5602467ef184d362de16b6ea84756c1f48c7fde65fc520ae3edd8798a1c05daaacff2ae28fefdd
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-