General
-
Target
21b3a9b03027779dc3070481a468b211.zip
-
Size
120KB
-
Sample
230402-xn2b9abc6x
Behavioral task
behavioral1
Sample
PTD-080120 ZGO-082920.doc
Resource
win10v2004-20230221-en
Malware Config
Extracted
Targets
-
Target
PTD-080120 ZGO-082920.doc
-
Size
223KB
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-