General
-
Target
azbtmhyi
-
Size
232KB
-
Sample
220522-fzjsxaahak
-
MD5
97eb3bd0675dcb052eabfeacf7672f6e
-
SHA1
e3194145498f8a785f830f9a271b9adf908cabf9
-
SHA256
d4c076603f475a562c8771e360b65b734aba563731f4417b117ecfad4297d562
-
SHA512
0793c47bc11435c2c0466f8559d76fb1493ab7d052340980c0ceca4e61709dd8f802345819a1aa56117cb94ff162e64de9b945568670abc8edd8bae620d37b13
Malware Config
Extracted
http://xn--ruqumz1h0h.com/wp-content/zj/
http://hemalrathod.com/BillGST/6Y/
http://ipeconstrutora.com/cgi-bin/Zf/
http://islamabadtrafficpolice.gov.pk/i/
http://kogeisha.net/kansaiosakanagasaki-kenjinkai/Rxj/
http://lalenga.cl/claudio/oMz/
http://pedantas.eu/wp-snapshots/L/
Targets
-
-
Target
azbtmhyi
-
Size
232KB
-
MD5
97eb3bd0675dcb052eabfeacf7672f6e
-
SHA1
e3194145498f8a785f830f9a271b9adf908cabf9
-
SHA256
d4c076603f475a562c8771e360b65b734aba563731f4417b117ecfad4297d562
-
SHA512
0793c47bc11435c2c0466f8559d76fb1493ab7d052340980c0ceca4e61709dd8f802345819a1aa56117cb94ff162e64de9b945568670abc8edd8bae620d37b13
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-