General
-
Target
c50b2e12e8f416c1e3980c9d2cc6a9b0c9c9bc2a0af9c1ba91568b234a395ac6.xls
-
Size
95KB
-
Sample
220707-d9dcrsegd2
-
MD5
54b83539bdc1307b861f236e55bcd2a7
-
SHA1
59ad04d9a8b060497ba522d06b4a5f40dce7bfdb
-
SHA256
c50b2e12e8f416c1e3980c9d2cc6a9b0c9c9bc2a0af9c1ba91568b234a395ac6
-
SHA512
01b891989021ecde840fa2bf7c4e4de789b361b74432edf95ce6f1e938f966a7d6b194aaf8054480e3555a5c80a00c711085c0363536238ce9626ada5c2fcaf0
Malware Config
Extracted
https://edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/
http://earthmach.co.za/libraries/tWkZh9YrXbTd6IeX/
http://finvest.rs/wp-admin/Hr9nVNTIHgw59S/
http://efverstedt.se/5jjaV/w7fLEHJ20xn0qD/
Targets
-
-
Target
c50b2e12e8f416c1e3980c9d2cc6a9b0c9c9bc2a0af9c1ba91568b234a395ac6.xls
-
Size
95KB
-
MD5
54b83539bdc1307b861f236e55bcd2a7
-
SHA1
59ad04d9a8b060497ba522d06b4a5f40dce7bfdb
-
SHA256
c50b2e12e8f416c1e3980c9d2cc6a9b0c9c9bc2a0af9c1ba91568b234a395ac6
-
SHA512
01b891989021ecde840fa2bf7c4e4de789b361b74432edf95ce6f1e938f966a7d6b194aaf8054480e3555a5c80a00c711085c0363536238ce9626ada5c2fcaf0
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-