General
-
Target
aidlbpeq
-
Size
232KB
-
Sample
220522-fyx9xaaggl
-
MD5
cfec52b8d80989c23a30a60b68b5dd45
-
SHA1
3247f9910c5a63def06ff2179aff615b8800a36a
-
SHA256
8b23e164f16ba0caed21611db9782895ac3a6a1f5b30a16e7cff6a2f8e3c3008
-
SHA512
3d2f906c817546f6501f53e381f4acb705c468f81ba684697ea9ec7e9806eb2bd48ea71c5a356cd4923d5f0d13c6b8a9ac37ef87e99b7572c58908bed1f7ce2d
Static task
static1
Behavioral task
behavioral1
Sample
aidlbpeq.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
aidlbpeq.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
-
-
Target
aidlbpeq
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-