General
-
Target
45d044f0b47e5b2f56cd81fd9e615e2b9960cdef3a4a9c69e11d014b4bb1d32f
-
Size
191KB
-
Sample
221127-n2zk5sab41
-
MD5
cf75c33403bad87a59b0161576779ba2
-
SHA1
e4131593e9be8b994b49241cd2700479ddbfdab1
-
SHA256
45d044f0b47e5b2f56cd81fd9e615e2b9960cdef3a4a9c69e11d014b4bb1d32f
-
SHA512
79f9a2753e3076cd5febbdfb438c6f98c718c10190a7663c4140d9ddc635db10c4ea0981867b67f0188064a3d18b4bfcb46c1b6ac859eebc501ec1cdfe53a3a8
-
SSDEEP
3072:yI6bftBVxtWBhOSBw3GMPfY98JfZmKP7uasFMakqYTfcIh+2oALNZCiZm8:yI6bftnxtZSBC498JzP7XsqakRTfc6+e
Malware Config
Extracted
http://www.2fs.com.au/tmp/rkn.exe
Targets
-
-
Target
45d044f0b47e5b2f56cd81fd9e615e2b9960cdef3a4a9c69e11d014b4bb1d32f
-
Size
191KB
-
MD5
cf75c33403bad87a59b0161576779ba2
-
SHA1
e4131593e9be8b994b49241cd2700479ddbfdab1
-
SHA256
45d044f0b47e5b2f56cd81fd9e615e2b9960cdef3a4a9c69e11d014b4bb1d32f
-
SHA512
79f9a2753e3076cd5febbdfb438c6f98c718c10190a7663c4140d9ddc635db10c4ea0981867b67f0188064a3d18b4bfcb46c1b6ac859eebc501ec1cdfe53a3a8
-
SSDEEP
3072:yI6bftBVxtWBhOSBw3GMPfY98JfZmKP7uasFMakqYTfcIh+2oALNZCiZm8:yI6bftnxtZSBC498JzP7XsqakRTfc6+e
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-