General
-
Target
ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
-
Size
216KB
-
Sample
230130-b4cg6sec8w
-
MD5
2486374800299563ab8934122234242a
-
SHA1
47bfe94aa96ef43231890f04ccd286b0888e10c8
-
SHA256
ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
-
SHA512
74e52e1e1317908447340cbba32949321ed435f17a524224af80236ecdf67187c83908cca514e82a49b9abe9495125ba741e01ed8f30663124c13fce339c63e5
-
SSDEEP
6144:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgAyY+TAQXTHGUMEyP5p6f5jQmK:GbGUMVWlbK
Behavioral task
behavioral1
Sample
ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c.xls
Resource
win10-20220901-en
Malware Config
Extracted
https://audioselec.com/about/dDw5ggtyMojggTqhc/
https://geringer-muehle.de/wp-admin/G/
http://intolove.co.uk/wp-admin/FbGhiWtrEzrQ/
http://isc.net.ua/themes/3rU/
Targets
-
-
Target
ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
-
Size
216KB
-
MD5
2486374800299563ab8934122234242a
-
SHA1
47bfe94aa96ef43231890f04ccd286b0888e10c8
-
SHA256
ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
-
SHA512
74e52e1e1317908447340cbba32949321ed435f17a524224af80236ecdf67187c83908cca514e82a49b9abe9495125ba741e01ed8f30663124c13fce339c63e5
-
SSDEEP
6144:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgAyY+TAQXTHGUMEyP5p6f5jQmK:GbGUMVWlbK
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation