General
Target: b5f5d6de381bb2bd2f5f4520727a307c7f094435fa22fa05b840a3ce5b400c67.bin.sample
Size: 138KB
Sample: 221121-n2sgtsch2t
MD5: 430d7c853638524e59abe98c593b2ae5
SHA1: 6ed415997a658f5b749dded6347bf970acac2601
SHA256: b5f5d6de381bb2bd2f5f4520727a307c7f094435fa22fa05b840a3ce5b400c67
SHA512: e7100c0e17f4910305077018350c625d815115b09044764d037c98a9b847d48400c8fd7f0fb194617b96ca955f06f5b076e64887c33e89dcac7de08dbb93f40c
SSDEEP: 3072:zKehv7q2Pjx45uoDGTj+5xtekEvi8/dg0a3Wm47CdX5gVvhoxzYrasdJXIch1L:Wehv7q2Pjx45uoDGTj+5xtFEvi8/dg0x
Behavioral task: behavioral1
Sample: b5f5d6de381bb2bd2f5f4520727a307c7f094435fa22fa05b840a3ce5b400c67.bin.xls
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: b5f5d6de381bb2bd2f5f4520727a307c7f094435fa22fa05b840a3ce5b400c67.bin.xls
Resource: win10v2004-20221111-en
Malware Config
Extracted
Targets
Score: 10/10

Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings
    Looks up country code configured in the registry, likely geofence.