General
-
Target
1c63ab6f3e71ef9aa669daf3ecd57b69570ea5d14e24e8dbe2e296133a0c9690
-
Size
191KB
-
Sample
221127-n2z7nsab5s
-
MD5
b09a0d6236e5c0455b379e6678aa0392
-
SHA1
6439a44d4f7c5d92879c637767db6938b63c096f
-
SHA256
1c63ab6f3e71ef9aa669daf3ecd57b69570ea5d14e24e8dbe2e296133a0c9690
-
SHA512
e171007f4d203107dceb7e73ee1b90f8ce9e89cf0b5c0e8c98d182d8b684395c2d2ff0506230d5cb9b07946d29ddc9a38cfa9a1c0bee9b97a73194e56134f809
-
SSDEEP
3072:3hT6bftBVUtfBhOSCw3GMPQY98JfZmKP7uCsFMakqYTfcIn+2o7JaOCisA:3hT6bftnUtiSCCd98JzP7HsqakRTfcIM
Malware Config
Extracted
http://www.isolectra.com.sg/tmp/rk2n1.exe
Targets
-
-
Target
1c63ab6f3e71ef9aa669daf3ecd57b69570ea5d14e24e8dbe2e296133a0c9690
-
Size
191KB
-
MD5
b09a0d6236e5c0455b379e6678aa0392
-
SHA1
6439a44d4f7c5d92879c637767db6938b63c096f
-
SHA256
1c63ab6f3e71ef9aa669daf3ecd57b69570ea5d14e24e8dbe2e296133a0c9690
-
SHA512
e171007f4d203107dceb7e73ee1b90f8ce9e89cf0b5c0e8c98d182d8b684395c2d2ff0506230d5cb9b07946d29ddc9a38cfa9a1c0bee9b97a73194e56134f809
-
SSDEEP
3072:3hT6bftBVUtfBhOSCw3GMPQY98JfZmKP7uCsFMakqYTfcIn+2o7JaOCisA:3hT6bftnUtiSCCd98JzP7HsqakRTfcIM
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-