General
Target: https://avme-zc1.maillist-manage.com.au/click.zc?m=1&mrd=126605c9d3861db&od=3z82fd09666148feea4ff0cb2c316fa9c0b0a11d15b6b4da3f345d26d28a832d29&linkDgs=126605c9cdd4033&repDgs=126605c9d38cc06
Sample: 220926-rbrz6acber
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://avme-zc1.maillist-manage.com.au/click.zc?m=1&mrd=126605c9d3861db&od=3z82fd09666148feea4ff0cb2c316fa9c0b0a11d15b6b4da3f345d26d28a832d29&linkDgs=126605c9cdd4033&repDgs=126605c9d38cc06
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: https://avme-zc1.maillist-manage.com.au/click.zc?m=1&mrd=126605c9d3861db&od=3z82fd09666148feea4ff0cb2c316fa9c0b0a11d15b6b4da3f345d26d28a832d29&linkDgs=126605c9cdd4033&repDgs=126605c9d38cc06
  Resource: win10v2004-20220812-en

Malware Config
Extracted: https://vigorous-wilson.91-212-52-180.plesk.page/Bypass.txt

Targets
Target: https://avme-zc1.maillist-manage.com.au/click.zc?m=1&mrd=126605c9d3861db&od=3z82fd09666148feea4ff0cb2c316fa9c0b0a11d15b6b4da3f345d26d28a832d29&linkDgs=126605c9cdd4033&repDgs=126605c9d38cc06
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Registers COM server for autorun
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext