General
Target
BOQ & DWG & Specs.ppa
Size
88KB
Sample
220808-qfhfvadcf9
MD5
07f043483f0ace3a78eaf975472c5a0a
SHA1
3cded094a69940961675a7b9a72a11e8a74d99d3
SHA256
2a4506ceb5bc265840e2aeeeb6577aa97db5534672ad420efc22b62fe31e6d82
SHA512
60471fd4be21a7a3d53379f4af75c6bdd0a27f23a95d2b617175fe5d56ff84c00555854c6d42211dbd3589244736eb0986dafb8858308b4cf9f1e04ec80d7183
Behavioral task
behavioral1
Sample
BOQ & DWG & Specs.pps
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
BOQ & DWG & Specs.pps
Resource
win10v2004-20220721-en
Malware Config
Extracted
http://bitbucket.org/!api/2.0/snippets/warzonepro/BgkqLA/e51a1670f88c9ae8856c835b8f03482c06cfdc8e/files/devis1
Extracted
https://bitbucket.org/!api/2.0/snippets/warzonepro/zE7z8E/529055121d9e0c31c5b73d98430be89b7a04a05f/files/devis111.txt
Targets
Target
BOQ & DWG & Specs.ppa
Score
10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Legitimate hosting services abused for malware hosting/C2