General
-
Target
047c12e5b0018635d754472e7c0f89d3d699aa303f33dcabfc3ca3c4fceb2e5e
-
Size
174KB
-
Sample
221130-sf8n5sde9z
-
MD5
29457933f07c5356e14671373b007290
-
SHA1
a3c66f5d9bad7a567e8057601b0c2ba3aa47013a
-
SHA256
047c12e5b0018635d754472e7c0f89d3d699aa303f33dcabfc3ca3c4fceb2e5e
-
SHA512
e7bbef93b6bb7b8c0dadfbfa555bd7fabcb738ef460973cf2777f701991b3cdf6184a1c2cab2b758c0935e3f4a17d24b681021b11c21a6f7ea6ac89df45f6f60
-
SSDEEP
3072:/77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qqa/fbxk7130dxXqxhz:/77HUUUUUUUUUUUUUUUUUUUT52Vda/f4
Behavioral task
behavioral1
Sample
047c12e5b0018635d754472e7c0f89d3d699aa303f33dcabfc3ca3c4fceb2e5e.doc
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
047c12e5b0018635d754472e7c0f89d3d699aa303f33dcabfc3ca3c4fceb2e5e.doc
Resource
win10v2004-20221111-en
Malware Config
Extracted
https://almowaredah.com/wp-content/bGZ/
https://saberprotech.com/wp-admin/lano5J/
https://brahmanbariatribune.com/wp-admin/CMQwB/
http://tattoocum.xyz/wp-includes/KIkf4d/
http://jasawebsite.online/wp-admin/HkM6/
Targets
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-