General
- Target: 9745c724723dca220191f559ead048c71e9d32b09170f6cca67da675e15652f6
- Size: 36KB
- Sample: 230131-mq9fjahg41
- MD5: 3a2606e0a03b10a2748b8435e38fee90
- SHA1: 7ce08a5e4c5e41871a8ce6e0feaafc6b10bf5cd0
- SHA256: a643818c62e3f6bcea7a4f23a1f3ac79f5279b5ba0dc9995dc1d662aea1e69c8
- SHA512: ff9d1a94d2969adedd2c0b65cd6faaffcf9a1a471069f20c69cec5ed47c44a3b7adfc9a25ae3255b6c959fafce9ac01d50833bed611cbc49da0b218eada2dfd9
- SSDEEP: 768:6j1ZuARyurI+x/3zfy0hiOU1fD20XTpN+eTkyk2UaVEkh:6jrRIUjfJW1L2qT+kkozh
Static task: static1

Behavioral task: behavioral1
- Sample: 9745c724723dca220191f559ead048c71e9d32b09170f6cca67da675e15652f6.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: 9745c724723dca220191f559ead048c71e9d32b09170f6cca67da675e15652f6.exe
- Resource: win10v2004-20221111-en
Malware Config

Targets
- Target: 9745c724723dca220191f559ead048c71e9d32b09170f6cca67da675e15652f6
- Size: 72KB
- MD5: da142727f84d34429bf93bfa35c9afae
- SHA1: 772e3c6c9946ca003dee6d5fef130f27bd9ce702
- SHA256: 9745c724723dca220191f559ead048c71e9d32b09170f6cca67da675e15652f6
- SHA512: f53e780b6ea8595a95cac5275de12889d5f43469adf25e00697f815cba08992ece0f52f2e43f3ae226ce6a1ab643e264724cce2b1f4db60d474d4a842f5a0738
- SSDEEP: 1536:3vAkGoo+bH/J027ZKxyafwhHCC/mq1ktG:3vuWbaRgaYtX1ktG

Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or a macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Traffic on the DNS port to servers other than the configured DNS servers was detected.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
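As an added example (not code from this report or from tria.ge), the Python below re-implements several of the signatures listed above as explicit checks over constructed sandbox events, so the reasoning behind each verdict is visible: the unexpected-child rule, the other-parent-process rule (read here as a process whose reported parent is not the process that issued the create call), the DNS-destination rule, the external-IP-lookup rule and the location check. The event format, the configured-resolver set, the document-host, shell-host and IP-lookup host lists, the registry key and the sample events are all assumptions for illustration, not tria.ge internals or data from this analysis.

```python
"""
Added example, not part of the sandbox report: behavioural signatures from the
report re-implemented as checks over constructed sandbox events.  Event shapes,
host/process lists and sample events are assumptions for illustration.
"""
from ipaddress import ip_address
from ntpath import basename

# Assumed: the resolver(s) the analysis VM is configured to use.
CONFIGURED_RESOLVERS = {"10.127.0.1"}
# Assumed: document hosts that should not launch script/shell hosts directly.
MACRO_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "rundll32.exe"}
# Assumed: legitimate public IP-echo services a fresh binary has no reason to call.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}
# Assumed: Windows keeps the user's country/region GeoID under this key (value "Nation").
GEO_KEY = r"HKCU\Control Panel\International\Geo"


def unexpected_child(ev):
    """Parent is a document host and the child is a script or shell host."""
    if ev["type"] != "process":
        return None
    parent = basename(ev["parent_image"]).lower()
    child = basename(ev["image"]).lower()
    if parent in MACRO_HOSTS and child in SHELL_CHILDREN:
        return f"{parent} spawned {child}"
    return None


def other_parent_process(ev):
    """Reported PPID differs from the PID of the process that issued the create call."""
    if ev["type"] != "process" or ev.get("creator_pid") is None:
        return None
    if ev["creator_pid"] != ev["ppid"]:
        return f"pid {ev['pid']} created by {ev['creator_pid']} but reports parent {ev['ppid']}"
    return None


def unexpected_dns_destination(ev):
    """Port-53 traffic to anything but the configured resolvers (loopback ignored)."""
    if ev["type"] != "flow" or ev["dport"] != 53:
        return None
    dst = ip_address(ev["dst"])
    if dst.is_loopback or str(dst) in CONFIGURED_RESOLVERS:
        return None
    return f"{ev['proto']}/53 to {dst}"


def external_ip_lookup(ev):
    """HTTP request to a known IP-echo service."""
    if ev["type"] == "http" and ev["host"].lower() in IP_LOOKUP_HOSTS:
        return f"{ev['method']} {ev['host']}{ev['path']}"
    return None


def location_check(ev):
    """Registry access under the International\\Geo key (country/region lookup)."""
    if ev["type"] == "registry" and ev["key"].lower().startswith(GEO_KEY.lower()):
        return f"{ev['op']} {ev['key']}\\{ev['value']}"
    return None


# Signature names as they appear in the report, mapped to the check that fires them.
RULES = {
    "Process spawned unexpected child process": unexpected_child,
    "Suspicious use of NtCreateUserProcessOtherParentProcess": other_parent_process,
    "Unexpected DNS network traffic destination": unexpected_dns_destination,
    "Looks up external IP address via web service": external_ip_lookup,
    "Checks computer location settings": location_check,
}


def evaluate(events):
    """Return {signature name: [evidence, ...]} for every signature that fired."""
    hits = {}
    for ev in events:
        for name, rule in RULES.items():
            evidence = rule(ev)
            if evidence:
                hits.setdefault(name, []).append(evidence)
    return hits


# Constructed sample events (not from the report) that trigger each rule once.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1200, "ppid": 1100, "creator_pid": 1100,
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "process", "pid": 2400, "ppid": 900, "creator_pid": 1200,
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "flow", "proto": "udp", "dst": "10.127.0.1", "dport": 53},
    {"type": "flow", "proto": "udp", "dst": "8.8.8.8", "dport": 53},
    {"type": "flow", "proto": "tcp", "dst": "93.184.216.34", "dport": 443},
    {"type": "http", "method": "GET", "host": "api.ipify.org", "path": "/"},
    {"type": "registry", "op": "read", "key": r"HKCU\Control Panel\International\Geo",
     "value": "Nation"},
]

if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {'; '.join(evidence)}")
```

The DNS rule is the one to tune first when replaying real captures: the configured resolver must be the VM's actual resolver, and the loopback exclusion exists so a local stub resolver is not reported as an exfiltration channel.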