General
-
Target
Ommega Publishers.one
-
Size
261KB
-
Sample
230322-2mse6sdg6x
-
MD5
8b4a7b4ee51b641124a263d9e8c114b3
-
SHA1
a153a4a757fe531501c47e2b77bf64fe8f9173c2
-
SHA256
d163741dd3c1e6c3cd1f167d480af853c7e09841a6ee7952929aaa20cdef2662
-
SHA512
18c3a3f80a01d048f0624a903c901eea71066570accefed7686ab3304cf152ecad4f5543a79b262fa87586d9531c360586182e8deb48969723a13ce49a484a00
-
SSDEEP
3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXL:FeHrBwsYXm5ZGa3vRXm5ZGa3vq
Malware Config
Targets
-
-
Target
Ommega Publishers.one
-
Size
261KB
-
MD5
8b4a7b4ee51b641124a263d9e8c114b3
-
SHA1
a153a4a757fe531501c47e2b77bf64fe8f9173c2
-
SHA256
d163741dd3c1e6c3cd1f167d480af853c7e09841a6ee7952929aaa20cdef2662
-
SHA512
18c3a3f80a01d048f0624a903c901eea71066570accefed7686ab3304cf152ecad4f5543a79b262fa87586d9531c360586182e8deb48969723a13ce49a484a00
-
SSDEEP
3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXL:FeHrBwsYXm5ZGa3vRXm5ZGa3vq
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-