General
-
Target
argrxaxg
-
Size
160KB
-
Sample
220522-fzcplaaghm
-
MD5
2529be6d0d4a4d7bfda6968d45dcca51
-
SHA1
41fc6f87aac038840d09086480c9175a56b86189
-
SHA256
5c2eb5bb1ad7637e95d3f9a48a34ca84fc39ead486c71dc34bae929f7f848831
-
SHA512
7a9fd7526ffe56b72a819a28b8d1aeedcbdbd7a5808b5aa97a486ee67c2a1ac8a3ed298270751bced1394acd69ff9df904bd6d9479393fdf8e44e67ccab5e858
Static task
static1
Behavioral task
behavioral1
Sample
argrxaxg.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
argrxaxg.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
-
-
Target
argrxaxg
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-