General
Target
PO#1487958_10.ppa
Size
88KB
Sample
220809-g2lwqaebal
MD5
efa5a55ed027ab21d30fd82082754f6a
SHA1
020c5601a43beb6d9b54efa78c05e4154e60173c
SHA256
6952750e2b248cb0cac7f33e2d81061f8d2635919feac3ad299a873389b3d880
SHA512
f57d3c993f008960c3e06b401769a2169d0074d25a24a1a832058809fb903b4682f7e6a0bb505a166e2e0a23cd92bce9ddead5e172d3e0d62c0b855a5aa7eebf
Behavioral task
behavioral1
Sample
PO#1487958_10.pps
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
PO#1487958_10.pps
Resource
win10v2004-20220721-en
Malware Config
Extracted
http://bitbucket.org/!api/2.0/snippets/warzonepro/KME7g4/7678df565d5a8824274645a03590fc72588243f0/files/orignalfinal
Extracted
https://bitbucket.org/!api/2.0/snippets/warzonepro/pE749g/3c167f11be3c255d4ff471aeab79597df9268f4d/files/orignal.txt
Targets
Target
PO#1487958_10.ppa
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2