General
Target: 8abe2662dd5b129ea1422b30d1e5f07b656201754d24376af623ac7e72e113e8
Size: 130KB
Sample: 220701-ed9xjaahbr
MD5: ec859aead55ca0793ef9118d618b814d
SHA1: 99d144664b0ba946eb5a96f69ba05730a3761bf7
SHA256: 8abe2662dd5b129ea1422b30d1e5f07b656201754d24376af623ac7e72e113e8
SHA512: 2d5e7b60a434e4fd87a5549a638a3b07322f0c37580da4521ba483a7dcb148c1910b9c99ce0f6231552e9af39cdb280d58b8b6f25bbb2d1d4317ca81de97c1f7
Static task: static1
Behavioral task: behavioral1
  Sample: 8abe2662dd5b129ea1422b30d1e5f07b656201754d24376af623ac7e72e113e8.doc
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 8abe2662dd5b129ea1422b30d1e5f07b656201754d24376af623ac7e72e113e8.doc
  Resource: win10v2004-20220414-en
Malware Config
Extracted
https://atlanticsg.com/wp-includes/fsfrz22_mkp29qlby-69478/
http://eastpennlandscape.com/css/qhJUtdBFvM/
http://mcs-interiors.co.uk/cgi-bin/MUbadZUIXD/
http://laderajabugo.navicu.com/wp-admin/6ohv5j_6m40d-4652183/
http://banphongresort.com/wp-includes/8hxbg02o_wkpvf-27459009/
Targets
Score: 10/10
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory