General
-
Target
hgetaift
-
Size
194KB
-
Sample
220522-f5rqpsbbfm
-
MD5
276ecb6b0eae11d22873e390b0a4a93d
-
SHA1
4509b240b7e5ebb69a0487bccd96bf2bba3fba3b
-
SHA256
cab5f70f9a6d1f300828e8c715696273befca7a141ca5e75b69b5a408ee432b2
-
SHA512
7c02adb25ebb59b8b500b2505c86202e6252fdad05ac0a1d4ecd5cdb6e8f9cf9b51f3e61b128755df8b44f456d6f93f310cbfc150158ecdf8078cef6cfb711fc
Malware Config
Extracted
https://vstbar.com/wp-admin/Hs/
http://binarywebtechsolutions.com/mobile-website-designing-company-in-gurgaon/CLZ/
http://shahqutubuddin.org/U/
http://cybersign-001-site5.gtempurl.com/2xwzq/bve/
https://star-speed.vip/wp-admin/Ttv/
https://treneg.com.br/rfvmbh/a/
https://cimsjr.com/hospital/x2f/
Targets
-
-
Target
hgetaift
-
Size
194KB
-
MD5
276ecb6b0eae11d22873e390b0a4a93d
-
SHA1
4509b240b7e5ebb69a0487bccd96bf2bba3fba3b
-
SHA256
cab5f70f9a6d1f300828e8c715696273befca7a141ca5e75b69b5a408ee432b2
-
SHA512
7c02adb25ebb59b8b500b2505c86202e6252fdad05ac0a1d4ecd5cdb6e8f9cf9b51f3e61b128755df8b44f456d6f93f310cbfc150158ecdf8078cef6cfb711fc
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-